CVE-2023-51773

BACnet Stack before 1.3.2 is affected by a decode function APDU buffer over-read in bacapp_decode_application_data (bacapp.c). The vulnerability affects BACnet Stack prior to version 1.3.2 and can impact confidentiality and availability due to a buffer over-read. No explicit exploitation details ...

CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...