← Back

CVE-2026-40279

nvd nist
Published: Apr 21, 2026Modified: Apr 27, 2026

JSON object

Loading...
3.7
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.2 / Impact: 1.4
Source: security-advisories@github.com (Secondary)

Description

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift operation overflows a signed int32_t, which is undefined behavior per the C standard. This is flagged thousands of times per minute by UndefinedBehaviorSanitizer on any BACnet input containing signed-integer property values with high-bit-set bytes. This vulnerability is fixed in 1.4.3.

Affected (1)

Bacnetstack
1 product
Bacnet Stack
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Bacnet Stack
Before 1.4.3

Related CWEs

CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

References (2)

Source: security-advisories@github.com
ExploitMitigationVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitMitigationVendor Advisory

Timeline

No history available yet.