CVE-2026-37537

Published: Mag 01, 2026 Last Modified: Mag 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,1
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high

Description

AI Translation Available

collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index underflows to 255. Subsequent write at tp_dt->data[255*7 + i-1] reaches offset 1791, exceeding the MAX_TP_DT buffer (1785 bytes) by 6 bytes.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 2 Days)

190

Integer Overflow or Wraparound

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: C, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58…
https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
https://github.com/collin80/Open-SAE-J1939
https://github.com/collin80/Open-SAE-J1939
https://github.com/DanielMartensson/Open-SAE-J1939
https://github.com/DanielMartensson/Open-SAE-J1939