What is the CVSS score of EUVD-2026-28786?

EUVD-2026-28786 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of kosma minmea are affected by EUVD-2026-28786?

A stack buffer overflow vulnerability in kosma minmea 0.3.0 enables remote attackers to crash systems processing GPS/NMEA data without authentication, affecting any application using this library for…

kosma minmea EUVD-2026-28786

| CVE-2026-29974 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-08 mitre

GHSA-9p5f-57xg-vg2m

Buffer Overflow Stack Overflow

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 08, 2026 - 19:23 vuln.today

CVSS changed

May 08, 2026 - 19:22 NVD

7.5 (HIGH)

CVE Published

May 08, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

CVE Published

May 08, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a stack buffer overflow.

AnalysisAI

Stack buffer overflow in kosma minmea 0.3.0 allows remote unauthenticated attackers to cause denial of service through crafted NMEA field data. The minmea_scan function's format specifier copies data to caller-provided buffers without size validation, enabling memory corruption when processing untrusted NMEA GPS sentences. …

RemediationAI

Within 24 hours: inventory all systems and applications using kosma minmea 0.3.0 or earlier versions; isolate affected systems from untrusted NMEA data sources where possible. Within 7 days: evaluate upgrade options to minmea 0.4.0 or later if available; if unavailable, implement network-level input validation to reject malformed NMEA sentences. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28786 vulnerability details – vuln.today

Back

kosma minmea EUVD-2026-28786

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code