7.1

CVE-2026-37532

EPSS 0.01%
Veröffentlicht 01.05.2026 00:00:00
Zuletzt bearbeitet 15.05.2026 15:38:17
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linuxfoundation ≫ Automotive Grade Linux Version <= 17.1.12

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	7.1	2.8	4.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643

Third Party Advisory

https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2026-37532

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-37532

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-37532

EUVD