Description
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically valid. However, this reveals a logic-based protocol failure where semantic constraints on specific fields are only strictly enforced during OER re-encoding. Specifically, if a crafted packet contains a certificate where the Psid (Provider Service Identifier) sub-type violates subtype constraints (e.g., out-of-range or invalid CHOICE variant), it is accepted during initial parsing, where subtype constraints are not enforced. Later, when StraightVerifyService attempts to calculate a message hash for cryptographic verification, it must re-encode the signing certificate. The underlying ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during encoding and raises a std::runtime_error. This exception is not caught within the encoding path and propagates to std::terminate, resulting in immediate process termination. This vulnerability is fixed with commit e1a2e2709210d309458c3d77f98d50dec26c0df0.
Published: 2026-05-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Vanetza, an open‑source ETSI C‑ITS protocol suite, has a logic failure in its cryptographic verification pipeline. The ASN.1 decoder accepts incoming V2X messages as syntactically valid but does not enforce semantic constraints on certificate fields until later re‑encoding via OER. A crafted packet containing a certificate with a violated Psid subtype passes the initial parse, and when StraightVerifyService attempts to re‑encode the certificate a std::runtime_error is thrown. Because the exception is uncaught, std::terminate is invoked and the Vanetza process exits immediately. The outcome is a denial‑of‑service that interrupts the service’s availability. This weakness is classified as CWE‑248.

Affected Systems

The affected product is Vanetza from the vendor riebl. Versions 26.02 and all earlier releases are vulnerable. The vulnerability is fixed by applying commit e1a2e2709210d309458c3d77f98d50dec26c0df0, or by upgrading to a newer release that contains the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates a high‑severity impact. No EPSS information is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation has been observed to date. Nonetheless, the attack can be triggered by an attacker who can inject malicious V2X traffic into the target system; authentication or complex prerequisites are not required. Once crafted traffic is delivered, the vulnerable process will terminate without any mitigations in place, causing an immediate outage. The threat remains largely limited to denial of service, but the exploitability is high due to the lack of defensive checks.

Generated by OpenCVE AI on May 26, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Vanetza to the latest release that includes commit e1a2e2709210d309458c3d77f98d50dec26c0df0 or apply the patch directly to the repository.
  • In environments where immediate upgrade is not feasible, temporarily wrap the cryptographic verification routine in a try/catch block to handle the std::runtime_error and prevent std::terminate from exiting the process.
  • Monitor application logs for abrupt termination events and verify that the process remains operational after applying the fix or workaround.

Generated by OpenCVE AI on May 26, 2026 at 22:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Riebl
Riebl vanetza
Vendors & Products Riebl
Riebl vanetza

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically valid. However, this reveals a logic-based protocol failure where semantic constraints on specific fields are only strictly enforced during OER re-encoding. Specifically, if a crafted packet contains a certificate where the Psid (Provider Service Identifier) sub-type violates subtype constraints (e.g., out-of-range or invalid CHOICE variant), it is accepted during initial parsing, where subtype constraints are not enforced. Later, when StraightVerifyService attempts to calculate a message hash for cryptographic verification, it must re-encode the signing certificate. The underlying ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during encoding and raises a std::runtime_error. This exception is not caught within the encoding path and propagates to std::terminate, resulting in immediate process termination. This vulnerability is fixed with commit e1a2e2709210d309458c3d77f98d50dec26c0df0.
Title Vanetza: Remote Denial of Service via Uncaught OER Encoding Exception in Cryptographic Verification
Weaknesses CWE-248
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Riebl Vanetza
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T13:01:57.541Z

Reserved: 2026-05-07T21:50:33.547Z

Link: CVE-2026-44905

cve-icon Vulnrichment

Updated: 2026-05-27T13:01:52.093Z

cve-icon NVD

Status : Deferred

Published: 2026-05-26T22:16:43.150

Modified: 2026-06-01T18:22:32.550

Link: CVE-2026-44905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T22:30:18Z

Weaknesses