PT-2026-43425 · Vanetza · Vanetza

Tw89Coder · Published 2026-05-26 · Updated 2026-05-27 · CVE-2026-44905

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Vanetza versions 26.02 and earlier

Description

A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic constraints on specific fields are violated. If a crafted packet contains a certificate where the Psid (Provider Service Identifier) sub-type is out-of-range or uses an invalid CHOICE variant, it is accepted during initial parsing. Subsequently, when the StraightVerifyService function attempts to calculate a message hash for cryptographic verification, it re-encodes the signing certificate. The ASN.1 wrapper (asn1c_wrapper.cpp) detects the semantic violation during this encoding process and raises a std::runtime_error. Because this exception is not caught, it propagates to std::terminate, causing the process to terminate immediately.

Recommendations

Update to the version containing commit e1a2e2709210d309458c3d77f98d50dec26c0df0.
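
The decode/re-encode asymmetry described above, as an added illustration that is not Vanetza's code and not the content of the fix commit. All types and functions (ToyCertificate, toy_decode, toy_encode, verify_unguarded, verify_hardened) are hypothetical stand-ins, and the hardened variant shows one general mitigation: validate constraints before re-encoding and treat an encoder exception as a verification failure.

```cpp
// Added illustration; the types and functions here are toy stand-ins, not Vanetza's.
#include <cstdint>
#include <exception>
#include <iostream>
#include <stdexcept>
#include <vector>

struct ToyCertificate {
    int psid_choice;     // CHOICE variant index exactly as read from the wire
    std::uint32_t psid;  // service identifier value
};
constexpr int kMaxPsidChoice = 1;  // assumption: only variants 0 and 1 are defined

bool constraints_ok(const ToyCertificate& c) {
    return c.psid_choice >= 0 && c.psid_choice <= kMaxPsidChoice;
}
// Decoder: checks syntax (length) only, so an undefined variant is accepted.
ToyCertificate toy_decode(const std::vector<std::uint8_t>& wire) {
    if (wire.size() < 2) throw std::runtime_error("truncated input");
    return ToyCertificate{wire[0], wire[1]};
}
// Encoder: enforces the semantic constraint and throws on violation.
std::vector<std::uint8_t> toy_encode(const ToyCertificate& c) {
    if (!constraints_ok(c)) throw std::runtime_error("constraint violation on encode");
    return {static_cast<std::uint8_t>(c.psid_choice), static_cast<std::uint8_t>(c.psid)};
}
enum class Verdict { Valid, InvalidCertificate };

// Unguarded: the re-encode for hashing can throw; with no handler up the stack,
// the exception reaches std::terminate.
Verdict verify_unguarded(const ToyCertificate& c) {
    const auto hash_input = toy_encode(c);
    return hash_input.empty() ? Verdict::InvalidCertificate : Verdict::Valid;
}
// Hardened: reject constraint violations before re-encoding, and map any
// remaining encoder exception to a verification failure.
Verdict verify_hardened(const ToyCertificate& c) noexcept {
    if (!constraints_ok(c)) return Verdict::InvalidCertificate;
    try {
        return verify_unguarded(c);
    } catch (const std::exception&) {
        return Verdict::InvalidCertificate;
    }
}
int main() {
    const ToyCertificate bad = toy_decode({7, 36});  // constructed sample: variant 7 is undefined
    std::cout << (verify_hardened(bad) == Verdict::InvalidCertificate ? "rejected\n" : "accepted\n");
}
```
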

Exploit · Fix · DoS

Weakness Enumeration

Related Identifiers: CVE-2026-44905

Affected Products: Vanetza