Description
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught by the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line 19) throws openssl::Exception when OpenSSL operations fail. The parser's catch block in parse_secured() should catch these, but the exception escapes through subsequent processing stages (indicate_common, indicate_extended). This causes std::terminate, crashing the V2X receiver.
Published: 2026-05-01
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Vanetza V2X v26.02 contains a defect in the GeoNetworking packet parser where OpenSSL exceptions thrown during ECC point validation are not fully caught. The exception propagates through the Router::indicate() call chain, ultimately causing std::terminate and crashing the receiver process. Attackers can exploit this remotely, sending crafted packets to trigger the exception and bring the V2X service down, disrupting critical vehicle‑to‑vehicle communications.

Affected Systems

The vulnerability affects installations of Vanetza V2X version 26.02. Any system running this specific release is susceptible; releases newer than 26.02 are not mentioned.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. No EPSS score is provided, and the lack of a KEV listing suggests no currently documented exploits. The attack vector is inferred to be remote, as the payload is delivered over the network to the IPv6 GeoNetworking stack.

Generated by OpenCVE AI on May 2, 2026 at 07:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Vanetza to a version that includes the fixed exception handling in the GeoNetworking module.
  • If an upgrade is not immediately possible, apply a local code patch that surrounds the OpenSSL operations in check() with a try/catch to swallow openssl::Exception and prevent std::terminate.
  • Configure network controls to limit or inspect incoming GeoNetworking packets, reducing the opportunity for crafted packets to reach the vulnerable layer.
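
The failure mode from the description and a catch at the receive boundary, as an added C++ sketch (not Vanetza code and not part of the advisory). `CryptoError`, `crypto_check`, `parse_stage`, `later_stage`, the two `indicate_*` functions and the 33-byte sample packets are hypothetical stand-ins, and a format check stands in for real ECC point validation.

```cpp
// Added illustration: hypothetical stand-ins, not Vanetza's code.
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

struct CryptoError : std::runtime_error {  // plays the role of openssl::Exception
    using std::runtime_error::runtime_error;
};
// Plays the role of check(): a failed crypto operation becomes an exception.
void crypto_check(bool ok) { if (!ok) throw CryptoError("EC point rejected"); }

using Packet = std::vector<std::uint8_t>;  // constructed sample: one compressed point
enum class Result { Delivered, Dropped };

// Parser stage with its own catch block; it only checks framing.
bool parse_stage(const Packet& p) {
    try { crypto_check(!p.empty()); return true; }
    catch (const CryptoError&) { return false; }
}
// Later stage: decodes the point outside the parser's try block.
// A format check stands in for real ECC point validation.
void later_stage(const Packet& p) {
    crypto_check(p.size() == 33 && (p[0] == 0x02 || p[0] == 0x03));
}

// Unguarded pipeline: an exception from the later stage reaches the caller.
Result indicate_unguarded(const Packet& p) {
    if (!parse_stage(p)) return Result::Dropped;
    later_stage(p);
    return Result::Delivered;
}
// Guarded entry point: nothing thrown while handling untrusted input unwinds past it.
Result indicate_guarded(const Packet& p) {
    try { return indicate_unguarded(p); }
    catch (const std::exception& e) {
        std::fprintf(stderr, "dropping packet: %s\n", e.what());
        return Result::Dropped;
    }
}
// True when the unguarded pipeline lets an exception reach its caller.
bool escapes(const Packet& p) {
    try { indicate_unguarded(p); return false; }
    catch (const CryptoError&) { return true; }
}

int main() {
    Packet bad(33, 0x11); bad[0] = 0x07;  // constructed: invalid compression prefix
    std::printf("escapes=%d guarded_drops=%d\n", escapes(bad), indicate_guarded(bad) == Result::Dropped);
}
```

If a receive loop called the unguarded entry point directly, the same packet would end in std::terminate, which is the crash the description reports.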


Advisories

No advisories yet.

History

Sat, 02 May 2026 08:15:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Unchecked OpenSSL Exceptions in Vanetza V2X

Fri, 01 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-248
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught by the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line 19) throws openssl::Exception when OpenSSL operations fail. The parser's catch block in parse_secured() should catch these, but the exception escapes through subsequent processing stages (indicate_common, indicate_extended). This causes std::terminate, crashing the V2X receiver.
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T19:45:42.041Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37554

Vulnrichment

Updated: 2026-05-01T19:37:49.005Z

NVD

Status: Received

Published: 2026-05-01T16:16:31.060

Modified: 2026-05-01T20:16:23.853

Link: CVE-2026-37554

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses