VYPR
High severity 7.5 · NVD Advisory · Published May 26, 2026

CVE-2026-44905

Description

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically valid, but semantic constraints on specific fields are strictly enforced only during OER re-encoding. Specifically, if a crafted packet contains a certificate whose Psid (Provider Service Identifier) sub-type violates subtype constraints (e.g., out-of-range or invalid CHOICE variant), it is accepted during initial parsing, where subtype constraints are not enforced. Later, when StraightVerifyService attempts to calculate a message hash for cryptographic verification, it must re-encode the signing certificate. The underlying ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during encoding and raises a std::runtime_error. This exception is not caught within the encoding path and propagates to std::terminate, resulting in immediate process termination. This vulnerability is fixed with commit e1a2e2709210d309458c3d77f98d50dec26c0df0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A single crafted V2X packet causes denial of service in Vanetza 26.02 and earlier via an uncaught exception during certificate re-encoding in cryptographic verification.

Vulnerability

In Vanetza versions up to and including 26.02, a denial-of-service vulnerability exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts a crafted packet as syntactically valid, but semantic constraints on the Psid (Provider Service Identifier) sub-type are not enforced during decoding. Later, during verification, StraightVerifyService::verify calls calculate_message_hash which attempts to re-encode the signing certificate via CertificateView::encode [1]. The underlying ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during OER encoding and raises a std::runtime_error that is not caught, leading to std::terminate and immediate process termination [1].

Exploitation

An attacker with network access to a Vanetza instance can send a single crafted V2X message containing a certificate with an invalid Psid sub-type (e.g., out-of-range or invalid CHOICE variant) [1]. No authentication or user interaction is required. The message is accepted by the ASN.1 decoder, and the crash occurs deterministically when the StraightVerifyService tries to verify the message signature [1].

Impact

Successful exploitation causes a denial-of-service (DoS) by terminating the Vanetza process, disrupting V2X communication capabilities [1]. The vulnerability is deterministic and requires only a single packet, making it easily exploitable remotely [1].

Mitigation

The vulnerability is fixed in commit e1a2e2709210d309458c3d77f98d50dec26c0df0 [2]. Users should update to a version containing this commit or apply the patch directly [1]. The fix adds exception handling around the calculate_message_hash call to catch std::exception and return a VerificationReport::Incompatible_Protocol instead of crashing [1][2]. No workaround is available without patching [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Riebl/Vanetza (2 versions)
    • (no CPE)
    • (no CPE), range: <=26.02

Patches

e1a2e2709210

security: mitigate malformed certificate when verifying message

https://github.com/riebl/vanetza · Raphael Riebl · May 6, 2026 · via text-mined
1 file changed · +10 -4
  • vanetza/security/straight_verify_service.cpp · +10 -4 · modified
    @@ -532,10 +532,16 @@ VerifyConfirm StraightVerifyService::verify(const v3::SecuredMessage& msg)
             return confirm;
         }
     
    -    ByteBuffer msg_hash = v3::calculate_message_hash(m_backend, msg.hash_id(),
    -        msg.signing_payload(), v3::CertificateView { certificate });
    -    if (!m_backend.verify_digest(*public_key, msg_hash, *signature)) {
    -        confirm.report = VerificationReport::False_Signature;
    +    try {
    +        ByteBuffer msg_hash = v3::calculate_message_hash(m_backend, msg.hash_id(),
    +            msg.signing_payload(), v3::CertificateView { certificate });
    +        if (!m_backend.verify_digest(*public_key, msg_hash, *signature)) {
    +            confirm.report = VerificationReport::False_Signature;
    +            return confirm;
    +        }
    +    } catch (const std::exception&) {
    +        // malformed input data, e.g. failing certificate encoding
    +        confirm.report = VerificationReport::Incompatible_Protocol;
             return confirm;
         }
     
    
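Review bot: the new try block encloses `m_backend.verify_digest` as well as `v3::calculate_message_hash`, and the handler catches the `std::exception` base class, so any exception from the crypto backend (or an allocation failure) is reported as `Incompatible_Protocol`, indistinguishable from a certificate that fails to encode. Consider limiting the try to the hash calculation, or catching the specific exception type the encoder raises, and recording the cause before `return confirm;` so a malformed certificate can be told apart from a backend fault in logs. The handler also only covers this one call in `verify`; a malformed certificate can still reach this point, so it is worth checking whether other paths re-encode a received certificate without a guard, or rejecting the constraint violation when the certificate is first decoded.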

Vulnerability mechanics

Root cause

"Missing exception handling around certificate re-encoding during hash calculation allows a subtype-constraint violation in a crafted certificate to trigger an uncaught std::runtime_error, leading to std::terminate."

Attack vector

An unauthenticated attacker sends a crafted V2X message over the network containing a certificate whose Psid (Provider Service Identifier) sub-type violates subtype constraints (e.g., out-of-range or invalid CHOICE variant) [ref_id=1]. The ASN.1 decoder accepts the message as syntactically valid because subtype constraints are not enforced during initial parsing. When `StraightVerifyService::verify` processes the message, it attempts to re-encode the certificate for hash calculation, which triggers the semantic constraint check and raises an uncaught exception, leading to `std::terminate` and process crash [patch_id=2592761]. No authentication or special network position is required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N).

Affected code

The vulnerability resides in `vanetza/security/straight_verify_service.cpp` in the `StraightVerifyService::verify` method. The code calls `v3::calculate_message_hash` with a `CertificateView` constructed from a certificate that may contain a malformed Psid sub-type violating subtype constraints. The underlying ASN.1 encoder (`asn1c_wrapper.cpp`) detects the semantic violation during re-encoding and throws a `std::runtime_error`, which was uncaught prior to the patch [patch_id=2592761].

What the fix does

The patch wraps the `calculate_message_hash` call and the subsequent `verify_digest` call in a try-catch block that catches `std::exception` [patch_id=2592761]. On catching an exception (e.g., from a failing certificate encoding), the handler sets `confirm.report = VerificationReport::Incompatible_Protocol` and returns gracefully instead of letting the exception propagate to `std::terminate`. This converts a denial-of-service crash into a benign protocol-level rejection. The commit message notes this is a mitigation for malformed certificates during message verification [ref_id=1].
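
The decode/encode asymmetry and the effect of the guard, modelled as an added example (not Vanetza's code and not taken from the commit): `ToyCert`, `kToyPsidMax`, the 4-byte encoding and every function name are hypothetical, and the range limit is an assumption made for this model. It also goes one step beyond the patch by showing a strict decoder that rejects the value at parse time.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical stand-ins for illustration; not Vanetza's types or functions.
enum class Report { Success, False_Signature, Incompatible_Protocol };
struct ToyCert { std::uint32_t psid; };
using Bytes = std::vector<std::uint8_t>;
constexpr std::uint32_t kToyPsidMax = 0x00FFFFFF;  // assumed constraint, this model only

// Lenient decode: checks syntax (length) only, so an out-of-range value gets in.
bool decode_lenient(const Bytes& in, ToyCert& out) {
    if (in.size() != 4) return false;
    out.psid = 0;
    for (std::uint8_t b : in) out.psid = (out.psid << 8) | b;
    return true;
}
// Strict decode: enforces the constraint at the parse boundary instead.
bool decode_strict(const Bytes& in, ToyCert& out) {
    return decode_lenient(in, out) && out.psid <= kToyPsidMax;
}

// Encode enforces the constraint and throws: the asymmetry behind the crash.
Bytes encode(const ToyCert& c) {
    if (c.psid > kToyPsidMax) throw std::runtime_error("constraint violated on encode");
    Bytes out;
    for (int s = 24; s >= 0; s -= 8) out.push_back(static_cast<std::uint8_t>(c.psid >> s));
    return out;
}
// Toy FNV-1a digest of the re-encoded certificate (stand-in for the message hash).
std::uint32_t toy_hash(const Bytes& b) {
    std::uint32_t h = 2166136261u;
    for (std::uint8_t x : b) h = (h ^ x) * 16777619u;
    return h;
}

// Unguarded shape: a throw from encode() escapes the caller.
Report verify_unguarded(const ToyCert& c, std::uint32_t expected) {
    return toy_hash(encode(c)) == expected ? Report::Success : Report::False_Signature;
}
// Guarded shape: the throw becomes a rejection report.
Report verify_guarded(const ToyCert& c, std::uint32_t expected) {
    try { return verify_unguarded(c, expected); }
    catch (const std::exception&) { return Report::Incompatible_Protocol; }
}
int main() {  // constructed input: four 0xFF bytes decode to an out-of-range psid
    ToyCert c;
    decode_lenient({0xFF, 0xFF, 0xFF, 0xFF}, c);
    return verify_guarded(c, 0) == Report::Incompatible_Protocol ? 0 : 1;
}
```

In a process with no handler above `verify_unguarded`, the same input ends in `std::terminate`; with `decode_strict` at the boundary the value never reaches the encoder at all.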

Preconditions

  • network: Attacker must be able to send a crafted V2X message to a Vanetza-based receiver over the network
  • auth: No authentication required
  • input: The crafted message must contain a certificate with a Psid sub-type that violates subtype constraints (e.g., out-of-range or invalid CHOICE variant)

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
