{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:19:36.383","vulnerabilities":[{"cve":{"id":"CVE-2026-21870","sourceIdentifier":"security-advisories@github.com","published":"2026-02-13T18:16:19.783","lastModified":"2026-02-18T18:49:07.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer than the buffer limit. The tokenizer_string function in src/bacnet/basic/program/ubasic/tokenizer.c incorrectly handles null termination for maximum-length strings. It writes a null byte to dest[40] when the buffer size is only 40 (indices 0-39), triggering a stack overflow."},{"lang":"es","value":"La librería de la pila de protocolo BACnet proporciona servicios de comunicación de capa de aplicación, capa de red y capa de acceso al medio (MAC) de BACnet. En las versiones 1.4.2, 1.5.0.rc2 y anteriores, un desbordamiento de búfer basado en pila por un byte en el intérprete ubasic provoca un fallo (SIGABRT) al procesar literales de cadena más largos que el límite del búfer. La función tokenizer_string en src/bacnet/basic/program/ubasic/tokenizer.c maneja incorrectamente la terminación nula para cadenas de longitud máxima. Escribe un byte nulo en dest[40] cuando el tamaño del búfer es solo 40 (índices 0-39), desencadenando un desbordamiento de pila."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bacnetstack:bacnet_stack:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.2","matchCriteriaId":"3BF2BFCC-54CE-412E-947A-B5C834161829"},{"vulnerable":true,"criteria":"cpe:2.3:a:bacnetstack:bacnet_stack:1.5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"2B47182E-6B7F-4C53-904A-EB37C9C0A439"},{"vulnerable":true,"criteria":"cpe:2.3:a:bacnetstack:bacnet_stack:1.5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"CF491863-1A31-4A23-A6AC-DF7545FCAA48"}]}]}],"references":[{"url":"https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bacnet-stack/bacnet-stack/pull/1196","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-pc83-wp6w-93mx","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}