CVE-2026-37534
Awaiting Analysis Awaiting Analysis - Queue
Integer Underflow in Open-SAE-J1939 Transport Protocol

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: MITRE

Description
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-37534
EUVD
EUVD-2026-26687
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cannelloni parsecanframe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer underflow issue in the Open-SAE-J1939 software, specifically in the function SAE_J1939_Read_Transport_Protocol_Data_Transfer. It occurs due to improper handling of a crafted sequence number from a CAN frame, which allows attackers to write to arbitrary memory locations.

Detection Guidance

This vulnerability can be detected by monitoring for malformed CAN frames that contain crafted sequence numbers designed to trigger the integer underflow and memory corruption in the Open-SAE-J1939 library.

Detection involves capturing CAN traffic on your network or system and analyzing frames for abnormal or suspicious sequence numbers that could exploit the vulnerability.

Commands to capture and analyze CAN frames might include using tools such as candump or can-utils on Linux systems to capture CAN traffic, for example:

  • candump can0
  • canplayer -I captured.log

After capturing, you would need to analyze the sequence numbers in the SAE J1939 transport protocol data transfer frames for anomalies or values that could cause integer underflow.

Mitigation Strategies

Immediate mitigation steps include filtering or blocking malformed CAN frames with suspicious sequence numbers before they reach the vulnerable Open-SAE-J1939 library.

Implement network-level controls to restrict or validate CAN traffic, ensuring only properly formatted and authenticated frames are processed.

If possible, update the Open-SAE-J1939 library to a version that includes patches addressing this integer underflow vulnerability.

Additionally, apply input validation and bounds checking on sequence numbers and frame lengths in your CAN frame processing code to prevent exploitation.

Impact Analysis

The vulnerability allows attackers to write to arbitrary memory, which can lead to unauthorized code execution, data corruption, or system instability. This can compromise the affected system's integrity and potentially allow attackers to take control or disrupt normal operations.

Compliance Impact

The provided context and resources do not contain information regarding the impact of CVE-2026-37534 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37534. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart