CVE-2026-21870

Source
https://cve.org/CVERecord?id=CVE-2026-21870
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21870.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-21870
Aliases
  • GHSA-pc83-wp6w-93mx
Published
2026-02-13T17:58:37.205Z
Modified
2026-03-02T08:04:41.540815Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string
Details

The BACnet Protocol Stack library provides BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer than the buffer limit. The tokenizer_string function in src/bacnet/basic/program/ubasic/tokenizer.c incorrectly handles null termination for maximum-length strings: it writes a null byte to dest[40] when the buffer size is only 40 (indices 0-39), which is a one-byte out-of-bounds write on the stack.
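The off-by-one described above, next to a bounded copy that reserves room for the terminator. This is an added example, not code from bacnet-stack or its fix commit; the names BUF_LEN, terminator_index_off_by_one and copy_string_literal are assumptions, and the flawed pattern is constructed from the advisory's description only.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 40 /* assumed name; the advisory only states the size (indices 0-39) */

/* Off-by-one pattern (CWE-193), constructed for illustration: the loop bound is
 * the full buffer length, so the terminator that follows lands at index `len`
 * for any literal of `len` or more characters. This helper only computes that
 * index; it never performs the out-of-bounds write. */
size_t terminator_index_off_by_one(const char *src, size_t len)
{
    size_t i = 0;
    while (i < len && src[i] != '"' && src[i] != '\0') {
        i++;
    }
    return i; /* the flawed code would now do dest[i] = 0 */
}

/* Hardened copy: reserve the last byte for the terminator.
 * Returns 0 on success, 1 if the literal was truncated, -1 on bad arguments. */
int copy_string_literal(const char *src, char *dest, size_t len, size_t *written)
{
    size_t i = 0;
    if (src == NULL || dest == NULL || len == 0) {
        return -1;
    }
    while (i < len - 1 && src[i] != '"' && src[i] != '\0') {
        dest[i] = src[i];
        i++;
    }
    dest[i] = '\0'; /* i <= len - 1, always in bounds */
    if (written != NULL) {
        *written = i;
    }
    return (src[i] != '"' && src[i] != '\0') ? 1 : 0;
}

int main(void)
{
    char src[64], dest[BUF_LEN];
    size_t n = 0;
    memset(src, 'A', 45);      /* constructed 45-character literal body */
    memcpy(src + 45, "\"", 2); /* closing quote plus NUL */
    printf("flawed terminator index: %zu (valid: 0-%d)\n",
        terminator_index_off_by_one(src, BUF_LEN), BUF_LEN - 1);
    int rc = copy_string_literal(src, dest, BUF_LEN, &n);
    printf("hardened rc=%d written=%zu\n", rc, n);
    return 0;
}
```

Building the real library and its ubasic tests with AddressSanitizer (-fsanitize=address) reports this class of one-byte stack write at the faulting line.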

Database specific
{
    "cwe_ids": [
        "CWE-193"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21870.json"
}
References

Affected packages

Git / github.com/bacnet-stack/bacnet-stack

Affected ranges

Type
GIT
Repo
https://github.com/bacnet-stack/bacnet-stack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

bacnet-stack-1.*
bacnet-stack-1.0.0
bacnet-stack-1.1.0
bacnet-stack-1.1.1
bacnet-stack-1.2.0
bacnet-stack-1.3.0
bacnet-stack-1.3.1
bacnet-stack-1.3.2
bacnet-stack-1.3.3
bacnet-stack-1.3.4
bacnet-stack-1.3.5
bacnet-stack-1.3.6
bacnet-stack-1.3.7
bacnet-stack-1.3.8
bacnet-stack-1.4.0
bacnet-stack-1.4.1
bacnet-stack-1.4.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21870.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Line",
        "id": "CVE-2026-21870-0a329910",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/tokenizer.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "16864189424846766998519240032671461349",
            "length": 678.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-0e91c448",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "ubasic_set_stringvariable"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "106450760621600006785808774156998722393",
            "length": 649.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-172696f1",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/tokenizer.c",
            "function": "tokenizer_label"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "239868434369751596698359495392642578950",
            "length": 209.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-20127a70",
        "target": {
            "file": "test/bacnet/basic/program/ubasic/src/main.c",
            "function": "test_main"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "233959223001149785113781613902604496948",
            "length": 2871.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-621f3e9a",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "sfactor"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "219055107226596348300794027076378016642",
            "length": 674.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-7844837f",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "gosub_statement"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "231947863029126635444599592353150603624",
            "length": 1463.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-7a023963",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "print_statement"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "319031664088983570049637659029487596884",
            "length": 476.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-9f817f2d",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/tokenizer.c",
            "function": "tokenizer_string"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "143744288611743522041784402896889984154",
            "length": 428.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-a061011e",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "goto_statement"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Line",
        "id": "CVE-2026-21870-b4bb01be",
        "target": {
            "file": "test/bacnet/basic/program/ubasic/src/main.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "178452635109548091355780555865754314966",
            "length": 446.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-b655339d",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "sstr"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Line",
        "id": "CVE-2026-21870-bc6d0230",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Line",
        "id": "CVE-2026-21870-c1a8f888",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "115161090357175604030176847755049633755",
            "length": 1115.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-c1f9a4f1",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "serial_getline_completed"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "199982694720377656989883491313299644742",
            "length": 439.0
        },
        "source": "https://github.com/bacnet-stack/bacnet-stack/commit/4e1176394a5ae50d2fd0b5790d9bff806dc08465",
        "signature_type": "Function",
        "id": "CVE-2026-21870-cdd09aaf",
        "target": {
            "file": "src/bacnet/basic/program/ubasic/ubasic.c",
            "function": "ubasic_get_stringvariable"
        }
    }
]