Skip to main content

Canboat

1 CVEs product

Monthly

CVE-2026-56790 HIGH POC PATCH This Week

Denial of service in CANBoat (the open-source NMEA 2000/CAN bus analyzer) through version 6.22 allows attackers to crash the analyzer by delivering a crafted NMEA-2000 message containing an out-of-range PGN value. The flaw is an off-by-one global buffer overflow in the searchForPgn() binary-search routine in analyzer/pgn.c, where an out-of-range PGN causes a one-element read past the end of the pgnList[] table. Publicly available exploit code exists (FuzzingLabs PoC value 393216 via issue #644), and a vendor patch is available; there is no public exploit identified as actively exploited.

Buffer Overflow Denial Of Service Canboat
NVD GitHub
CVSS 4.0
7.0
EPSS
0.2%
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

Denial of service in CANBoat (the open-source NMEA 2000/CAN bus analyzer) through version 6.22 allows attackers to crash the analyzer by delivering a crafted NMEA-2000 message containing an out-of-range PGN value. The flaw is an off-by-one global buffer overflow in the searchForPgn() binary-search routine in analyzer/pgn.c, where an out-of-range PGN causes a one-element read past the end of the pgnList[] table. Publicly available exploit code exists (FuzzingLabs PoC value 393216 via issue #644), and a vendor patch is available; there is no public exploit identified as actively exploited.

Buffer Overflow Denial Of Service Canboat
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy