CVE-2026-37534
Integer Underflow in Open-SAE-J1939 Transport Protocol
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cannelloni | parsecanframe | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow issue in the Open-SAE-J1939 software, specifically in the function SAE_J1939_Read_Transport_Protocol_Data_Transfer. It occurs due to improper handling of a crafted sequence number from a CAN frame, which allows attackers to write to arbitrary memory locations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided context and resources do not contain information regarding the impact of CVE-2026-37534 on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
The vulnerability allows attackers to write to arbitrary memory, which can lead to unauthorized code execution, data corruption, or system instability. This can compromise the affected system's integrity and potentially allow attackers to take control or disrupt normal operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for malformed CAN frames that contain crafted sequence numbers designed to trigger the integer underflow and memory corruption in the Open-SAE-J1939 library.
Detection involves capturing CAN traffic on your network or system and analyzing frames for abnormal or suspicious sequence numbers that could exploit the vulnerability.
Commands to capture and analyze CAN frames might include using tools such as candump or can-utils on Linux systems to capture CAN traffic, for example:
- candump can0
- canplayer -I captured.log
After capturing, you would need to analyze the sequence numbers in the SAE J1939 transport protocol data transfer frames for anomalies or values that could cause integer underflow.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include filtering or blocking malformed CAN frames with suspicious sequence numbers before they reach the vulnerable Open-SAE-J1939 library.
Implement network-level controls to restrict or validate CAN traffic, ensuring only properly formatted and authenticated frames are processed.
If possible, update the Open-SAE-J1939 library to a version that includes patches addressing this integer underflow vulnerability.
Additionally, apply input validation and bounds checking on sequence numbers and frame lengths in your CAN frame processing code to prevent exploitation.