← back
CVE-2026-56790

CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CVSS 7 HIGHEPSS 0.2%CWE-193
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
canboat · canboat
public PoCs found1
cve_referencegithub.com/canboat/canboat/issues/644unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/canboat/canboat/commit/a5a22b74b9ac5688019cba62669df08562cebd6fhttps://github.com/canboat/canboat/issues/644https://github.com/canboat/canboat/pull/649https://www.vulncheck.com/advisories/canboat-off-by-one-global-buffer-overflow-in-searchforpgn