CVE-2026-42996

Published: May 1, 2026

Modified: May 1, 2026

PUBLISHED

Description

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

Vendor	Product	Versions
JS8Call	JS8Call	affected `0 - <= 2.3.1`
JS8Call-improved	JS8Call-improved	affected `0 - < 3.0`

Weaknesses (CWE)

CWE-121

References

https://github.com/JS8Call-improved/JS8Call-improved/security/advisories/GHSA-98hp-pjp7-w62x

https://amateur-radio-resources.sourceforge.io/PDF/JS8APRS.pdf

https://github.com/js8call/js8call/blob/fd721e8b67eed84cb3c09d018205ab9a53e1a8b1/APRSISClient.cpp#L89-L102

https://github.com/JS8Call-improved/JS8Call-improved/commit/a6c7a19b82bbd7c2c0c892576f84d7449e8c7088

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-42996

Description

Affected Products

Weaknesses (CWE)

References