5.5
BACnet Protocol Stack library: Crash when processing long strings
CVE-2026-21870
Summary
The BACnet Protocol Stack library, used for building automation and control systems, has a bug that causes it to crash when processing long strings. This can lead to system instability and potentially allow malicious access to the system. To fix this issue, update to version 1.5.0.rc3 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| bacnetstack | bacnet_stack | <= 1.4.2 | – |
| bacnetstack | bacnet_stack | 1.5.0 | – |
Original title
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based bu...
Original description
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer than the buffer limit. The tokenizer_string function in src/bacnet/basic/program/ubasic/tokenizer.c incorrectly handles null termination for maximum-length strings. It writes a null byte to dest[40] when the buffer size is only 40 (indices 0-39), triggering a stack overflow.
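The off-by-one described above, shown as an added example: this is a reconstruction of the pattern for illustration, not the project's `tokenizer.c` source. The function names, the guard byte and the 60-character literal are constructed; only the 40-byte buffer size comes from the description.

```c
#include <stdio.h>
#include <string.h>

#define MAX_STRINGLEN 40 /* buffer size given in the description (indices 0-39) */
#define GUARD 0x5A       /* constructed canary standing in for adjacent stack data */

/* Length of the literal body; src points at the opening quote. */
static size_t literal_len(const char *src)
{
    const char *end = strchr(src + 1, '"');
    return end ? (size_t)(end - (src + 1)) : strlen(src + 1);
}

/* Flawed pattern (CWE-193): clamps to len, then terminates at dest[len]. */
void copy_literal_flawed(const char *src, char *dest, size_t len)
{
    size_t n = literal_len(src);
    if (n > len) n = len;
    memcpy(dest, src + 1, n);
    dest[n] = '\0'; /* n == len writes one byte past a len-byte buffer */
}

/* Corrected pattern: reserve the last byte for the terminator. */
void copy_literal_fixed(const char *src, char *dest, size_t len)
{
    size_t n = literal_len(src);
    if (len == 0) return;
    if (n > len - 1) n = len - 1;
    memcpy(dest, src + 1, n);
    dest[n] = '\0';
}

/* Copies a 60-char literal into 40 bytes plus a guard; returns 1 if the guard survived. */
int guard_intact(void (*copy)(const char *, char *, size_t))
{
    char literal[64] = "\"";      /* remaining bytes are zero-initialised */
    char area[MAX_STRINGLEN + 1]; /* 40 usable bytes + guard, so the stray write stays in-object */
    memset(literal + 1, 'A', 60);
    literal[61] = '"';
    area[MAX_STRINGLEN] = GUARD;
    copy(literal, area, MAX_STRINGLEN);
    return area[MAX_STRINGLEN] == GUARD;
}

int main(void)
{
    printf("flawed guard intact: %d, fixed guard intact: %d\n",
           guard_intact(copy_literal_flawed), guard_intact(copy_literal_fixed));
    return 0;
}
```

In a real stack frame the byte at index 40 belongs to whatever the compiler placed next to the buffer, typically a stack protector canary on hardened builds, which is consistent with the SIGABRT the description reports.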
nvd CVSS3.1
5.5
Vulnerability type
CWE-193
Published: 13 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026