Buffer overflow in Js8call

CVE-2026-42996

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.