CVE-2026-37535
Out-of-Bounds Read in openxc/isotp-c CAN Frame Handler
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openxc | isotp-c | Up to and including commit 5a5d19245f65189202719321facd49ce6f5d46ac |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in openxc/isotp-c up to commit 5a5d19245f65189202719321facd49ce6f5d46ac. It is an out-of-bounds read issue in the ISO-TP Single Frame receive handler. Specifically, the 4-bit payload length nibble is used directly as the size parameter for memcpy without validating it against the actual CAN data length. This means that if a malicious CAN frame contains an oversized length nibble, it can cause the program to read memory beyond the intended buffer.
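The missing bound described above, shown as an added example that is not isotp-c's own code: a constructed model of the unchecked Single Frame copy next to a hardened receive routine that rejects any length nibble exceeding the bytes the CAN frame actually carries. Struct layout, function names and the sample frames are assumptions.

```c
/* Added example (not isotp-c's code): ISO-TP Single Frame length validation.
 * Byte 0 is the N_PCI byte: high nibble 0x0 marks a Single Frame, low nibble
 * is the declared payload length (0..15). Classic CAN carries at most 8 data
 * bytes, so at most 7 payload bytes can follow the PCI byte. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_MAX_DLC    8   /* classic CAN data bytes per frame */
#define SF_MAX_PAYLOAD 7   /* CAN_MAX_DLC minus the PCI byte */

typedef struct {                 /* constructed receive buffer */
    uint8_t payload[SF_MAX_PAYLOAD];
    uint8_t length;
} IsoTpSingleFrame;

/* Constructed model of the vulnerable pattern: the nibble is trusted as the
 * memcpy size and the CAN data length (dlc) is never consulted. A nibble of
 * 0xF on an 8-byte frame copies 15 bytes from &data[1], reading past the end
 * of the CAN buffer. Kept for contrast only; nothing below calls it. */
void sf_receive_unchecked(IsoTpSingleFrame* msg, const uint8_t* data, uint8_t dlc) {
    uint8_t len = data[0] & 0x0F;
    (void)dlc;
    memcpy(msg->payload, &data[1], len); /* out-of-bounds read when len > dlc - 1 */
    msg->length = len;
}

/* Hardened form: bound the nibble by the bytes actually received and by the
 * destination capacity before copying. Returns the payload length, or -1 if
 * the frame must be dropped. */
int sf_receive_checked(IsoTpSingleFrame* msg, const uint8_t* data, uint8_t dlc) {
    if (data == NULL || dlc == 0 || dlc > CAN_MAX_DLC) return -1;
    if ((data[0] >> 4) != 0x0) return -1;              /* not a Single Frame */
    uint8_t len = data[0] & 0x0F;
    if (len == 0 || len > SF_MAX_PAYLOAD) return -1;   /* nibble outside 1..7 */
    if (len > (uint8_t)(dlc - 1)) return -1;           /* claims more than the frame holds */
    memcpy(msg->payload, &data[1], len);
    msg->length = len;
    return len;
}

int main(void) {
    IsoTpSingleFrame msg = {0};
    /* Constructed frames: a valid 3-byte SF, and one whose nibble (0xF) exceeds DLC 8. */
    const uint8_t good[8] = {0x03, 0x22, 0xF1, 0x90, 0x00, 0x00, 0x00, 0x00};
    const uint8_t bad[8]  = {0x0F, 0x22, 0xF1, 0x90, 0x00, 0x00, 0x00, 0x00};
    printf("valid frame      -> %d\n", sf_receive_checked(&msg, good, 8)); /* 3 */
    printf("oversized nibble -> %d\n", sf_receive_checked(&msg, bad, 8));  /* -1 */
    return 0;
}
```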
How can this vulnerability impact me?
The vulnerability can allow attackers to cause a denial of service by triggering out-of-bounds memory reads. Additionally, it may enable attackers to gain access to sensitive information by reading memory beyond the buffer.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.