CVE-2026-35085

Stack buffer overflow in method gdv-serverconfig

CVSS 8.7 HIGHEPSS 0.5%CWE-121

In short

A user can send specially crafted data to gdv-serverconfig that overflows a memory buffer on the stack, allowing them to take complete control of the system with root privileges.

Technical detail

Stack buffer overflow in gdv-serverconfig (CWE-121) allows an authenticated attacker to overwrite stack memory and execute arbitrary code with root privileges. The vulnerability requires valid user credentials and can be triggered by supplying oversized input to the affected method, bypassing security restrictions.

Summary generated and translated by AI from the official description.

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MBS · Double-A Profibus MBS · Double-A x-link MBS · Double-X CAN MBS · Double-X DALI MBS · Double-X KNX MBS · Double-X LON MBS · Double-X M-Bus MBS · Double-X PROFINET MBS · Double-X x-link MBS · Single-A MBS · Single-X MBS · Triple-X KNX+DALI MBS · Triple-X KNX+LON MBS · Triple-X KNX+M-Bus MBS · Triple-X PROFINET+DALI MBS · Triple-X PROFINET+KNX MBS · Triple-X PROFINET+LON MBS · Triple-X PROFINET+M-Bus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.certvde.com/en/advisories/VDE-2026-039/