Skip to main content

Js8Call Improved

1 CVEs product

Monthly

CVE-2026-42996 CRITICAL PATCH Act Now

Stack-based buffer overflow in JS8Call allows remote code execution via crafted radio transmission containing an oversized Maidenhead grid locator. CVSS 10.0 reflects network-reachable attack with no authentication required. Both JS8Call (through 2.3.1) and JS8Call-improved (before 3.0) are affected by the overflow in grid2deg function within APRSISClient.cpp. Vendor patch available for JS8Call-improved 3.0+; JS8Call project status unclear. No confirmed active exploitation or public POC identified at time of analysis, though attack vector is straightforward for actors with radio transmission capabilities.

Stack Overflow Buffer Overflow Js8Call Js8Call Improved
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.0%
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Stack-based buffer overflow in JS8Call allows remote code execution via crafted radio transmission containing an oversized Maidenhead grid locator. CVSS 10.0 reflects network-reachable attack with no authentication required. Both JS8Call (through 2.3.1) and JS8Call-improved (before 3.0) are affected by the overflow in grid2deg function within APRSISClient.cpp. Vendor patch available for JS8Call-improved 3.0+; JS8Call project status unclear. No confirmed active exploitation or public POC identified at time of analysis, though attack vector is straightforward for actors with radio transmission capabilities.

Stack Overflow Buffer Overflow Js8Call +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy