CVE-2026-43988: CWE-248: Uncaught Exception in riebl vanetza
CVE-2026-43988 is a high-severity denial-of-service vulnerability in Vanetza, an open-source implementation of the ETSI C-ITS protocol suite. The issue arises from an uncaught std::runtime_error exception triggered by malformed ASN. 1/OER network packets during parsing. This exception causes the process to terminate unexpectedly. The vulnerability affects Vanetza versions 26. 02 and earlier and is fixed in commit 62dfe58a8342512b6e1947d75821402ada524f1a.
AI Analysis
Technical Summary
Vanetza versions up to 26.02 contain a denial-of-service vulnerability in the ASN.1/OER parsing pipeline. When processing malformed network packets with corrupted ASN.1/OER structures, the ASN.1 wrapper raises an uncaught std::runtime_error exception. This exception propagates to std::terminate, causing the Vanetza process to terminate unexpectedly. The vulnerability is identified as CWE-248 (Uncaught Exception). A fix is available in commit 62dfe58a8342512b6e1947d75821402ada524f1a.
Potential Impact
Successful exploitation results in denial of service by causing the Vanetza process to terminate unexpectedly upon receiving malformed ASN.1/OER network packets. There is no impact on confidentiality or integrity reported. The CVSS v3.1 score is 7.5 (High), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability.
Mitigation Recommendations
A fix for this vulnerability is available in commit 62dfe58a8342512b6e1947d75821402ada524f1a. Users should upgrade to this fixed version or any later release incorporating this commit to remediate the issue. Patch status is confirmed by the vendor commit; no additional vendor advisory is provided. No other mitigations are indicated.
CVE-2026-43988: CWE-248: Uncaught Exception in riebl vanetza
Description
CVE-2026-43988 is a high-severity denial-of-service vulnerability in Vanetza, an open-source implementation of the ETSI C-ITS protocol suite. The issue arises from an uncaught std::runtime_error exception triggered by malformed ASN. 1/OER network packets during parsing. This exception causes the process to terminate unexpectedly. The vulnerability affects Vanetza versions 26. 02 and earlier and is fixed in commit 62dfe58a8342512b6e1947d75821402ada524f1a.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Vanetza versions up to 26.02 contain a denial-of-service vulnerability in the ASN.1/OER parsing pipeline. When processing malformed network packets with corrupted ASN.1/OER structures, the ASN.1 wrapper raises an uncaught std::runtime_error exception. This exception propagates to std::terminate, causing the Vanetza process to terminate unexpectedly. The vulnerability is identified as CWE-248 (Uncaught Exception). A fix is available in commit 62dfe58a8342512b6e1947d75821402ada524f1a.
Potential Impact
Successful exploitation results in denial of service by causing the Vanetza process to terminate unexpectedly upon receiving malformed ASN.1/OER network packets. There is no impact on confidentiality or integrity reported. The CVSS v3.1 score is 7.5 (High), reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability.
Mitigation Recommendations
A fix for this vulnerability is available in commit 62dfe58a8342512b6e1947d75821402ada524f1a. Users should upgrade to this fixed version or any later release incorporating this commit to remediate the issue. Patch status is confirmed by the vendor commit; no additional vendor advisory is provided. No other mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-04T20:24:31.916Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a161539e29bf47b506c5392
Added to database: 5/26/2026, 9:48:41 PM
Last enriched: 5/26/2026, 10:04:33 PM
Last updated: 5/27/2026, 4:56:13 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.