CVE-2026-40279
BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`
CVSS Score
3.7
EPSS Score
0.0%
EPSS Percentile
0th
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value โฅ 0x80), the left-shift operation overflows a signed int32_t, which is undefined behavior per the C standard. This is flagged thousands of times per minute by UndefinedBehaviorSanitizer on any BACnet input containing signed-integer property values with high-bit-set bytes. This vulnerability is fixed in 1.4.3.
| CWE | CWE-758 |
| Vendor | bacnet-stack |
| Product | bacnet-stack |
| Published | Apr 21, 2026 |
Stay Ahead of the Next One
Get instant alerts for bacnet-stack bacnet-stack
Be the first to know when new low vulnerabilities affecting bacnet-stack bacnet-stack are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
bacnet-stack / bacnet-stack
< 1.4.3