PatchSiren cyber security CVE debrief

CVE-2026-44905 riebl CVE debrief

A denial-of-service vulnerability exists in Vanetza versions 26.02 and earlier, affecting the cryptographic verification pipeline for V2X (Vehicle-to-Everything) messages. The flaw stems from inconsistent enforcement of ASN.1 semantic constraints: malformed certificates with invalid Psid (Provider Service Identifier) subtypes are accepted during initial parsing but trigger an unhandled std::runtime_error during OER re-encoding when StraightVerifyService calculates message hashes. This exception propagates to std::terminate, causing immediate process termination. The vulnerability is remotely exploitable without authentication, as attackers can craft malicious V2X messages to crash Vanetza-based C-ITS (Cooperative Intelligent Transport Systems) implementations. The fix in commit e1a2e2709210d309458c3d77f98d50dec26c0df0 addresses the constraint validation gap.

Vendor: riebl
Product: vanetza
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-26
Original CVE updated: 2026-05-27
Advisory published: 2026-05-26
Advisory updated: 2026-05-27

Who should care

Operators of C-ITS/V2X infrastructure using Vanetza; automotive security teams deploying ETSI-compliant connected vehicle systems; critical transportation infrastructure defenders; ASN.1 protocol implementers

Technical summary

The vulnerability resides in Vanetza's StraightVerifyService cryptographic verification flow. During V2X message processing, the ASN.1 decoder (asn1c_wrapper.cpp) accepts syntactically valid certificates with semantically invalid Psid subtypes—specifically out-of-range values or invalid CHOICE variants—because subtype constraints are not enforced during initial parsing. When StraightVerifyService subsequently re-encodes the signing certificate for hash calculation, the OER encoder detects the semantic violation and raises std::runtime_error. This exception is not caught anywhere in the encoding path, so it propagates to std::terminate and crashes the process. The attack vector is network-based, requires no authentication, and results in complete availability loss (CVSS 3.1: 7.5 HIGH).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Vanetza to a version containing commit e1a2e2709210d309458c3d77f98d50dec26c0df0 or later
  • Apply vendor security advisory patches when available
  • Implement network segmentation to restrict untrusted V2X message sources where feasible
  • Monitor for unexpected Vanetza process terminations as potential exploitation indicators
  • Review exception handling in ASN.1 encoding paths for similar constraint validation gaps
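
The failure pattern from the technical summary, and what the review in the last item above looks for, as an added C++ sketch that is not Vanetza code: a decoder that skips a range constraint, an encoder that enforces it by throwing, and a verification boundary with and without a handler. All names, the two-byte input format and the 0..255 range are constructed for illustration; they do not reflect Vanetza's API or the content of the fix commit.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical model: one constrained integer stands in for a Psid subtype.
struct Cert { std::int64_t psid; };
constexpr std::int64_t kPsidMin = 0, kPsidMax = 255;  // constructed range
bool psid_in_range(const Cert& c) { return c.psid >= kPsidMin && c.psid <= kPsidMax; }

// Lenient decoder: syntactic check only, so out-of-range values pass.
bool decode_lenient(const std::vector<std::uint8_t>& in, Cert& out) {
    if (in.size() != 2) return false;
    out.psid = (static_cast<std::int64_t>(in[0]) << 8) | in[1];
    return true;
}

// Strict decoder: applies the encoder's constraint at parse time.
bool decode_strict(const std::vector<std::uint8_t>& in, Cert& out) {
    return decode_lenient(in, out) && psid_in_range(out);
}

// Encoder enforces the constraint by throwing, like the re-encoding step.
std::vector<std::uint8_t> encode(const Cert& c) {
    if (!psid_in_range(c)) throw std::runtime_error("constraint violation");
    return {static_cast<std::uint8_t>(c.psid)};
}

enum class Verdict { Accepted, Rejected };

// Unsafe flow: the encoder's exception escapes this function; with no
// handler further up the stack, the runtime calls std::terminate.
Verdict verify_unsafe(const std::vector<std::uint8_t>& in) {
    Cert c{};
    if (!decode_lenient(in, c)) return Verdict::Rejected;
    encode(c);  // bytes that would be hashed
    return Verdict::Accepted;
}

// Hardened flow: strict decode, plus a catch at the verification boundary
// so any remaining encoder error rejects the message instead of crashing.
Verdict verify_hardened(const std::vector<std::uint8_t>& in) {
    try {
        Cert c{};
        if (!decode_strict(in, c)) return Verdict::Rejected;
        encode(c);
        return Verdict::Accepted;
    } catch (const std::exception&) {
        return Verdict::Rejected;
    }
}
```

When reviewing a real code base, the two things to confirm are the same as in the sketch: every constraint the encoder checks is also checked by the decoder, and the function that processes untrusted messages converts encoder exceptions into a verification failure.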

Evidence notes

Vulnerability description confirms Vanetza 26.02 and earlier affected; commit e1a2e2709210d309458c3d77f98d50dec26c0df0 identified as fix; CVSS 7.5 (HIGH) with AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H vector indicates network-reachable, unauthenticated denial-of-service; CWE-248 (Uncaught Exception) classified as weakness type.

Official resources

2026-05-26