CVE-2026-37538
Awaiting Analysis Awaiting Analysis - Queue

Buffer Overflow in socketcand via crafted bus_name

Vulnerability report for CVE-2026-37538, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: MITRE

Description

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
openxc isotp-c *
miaofng uds-c *
collin80 open-sae-j1939 *
openamp openamp 2025.10.0
open_vehicle_monitoring_system open_vehicle_monitoring_system 3.3.005

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the socketcand 0.4.2 software, specifically in the main function within the socketcand.c file. It occurs when the software processes a crafted bus_name, which can cause the program to behave unexpectedly.

A buffer overflow happens when more data is written to a buffer than it can hold, potentially overwriting adjacent memory and leading to crashes or other unpredictable behavior.

Impact Analysis

Exploiting this buffer overflow vulnerability can cause a denial of service (DoS), meaning the affected software could crash or become unresponsive.

Additionally, there may be other unspecified impacts, which could include unauthorized code execution or other security issues, but these are not detailed in the available information.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-37538 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves a buffer overflow in socketcand 0.4.2 caused by a crafted CAN frame identifier string that is too long. Detection would involve monitoring for unusually long or malformed CAN frame identifiers being sent to the socketcand service.

Since the vulnerability is triggered by a crafted CAN frame, network or system detection could include capturing CAN traffic and inspecting frame identifiers for abnormal length or unexpected values.

Specific commands are not provided in the available resources, but general approaches could include using tools like can-utils (candump) to capture CAN frames and custom scripts to analyze the length of CAN frame identifiers.

Mitigation Strategies

Immediate mitigation steps include restricting access to the socketcand service to trusted users and networks to prevent attackers from sending crafted CAN frames.

Since socketcand 0.4.2 is affected and the project is deprecated, consider upgrading to a maintained version or switching to the official linux-can/socketcand repository for a version that may have patches or improved security.

Additionally, monitoring and filtering CAN traffic to block frames with suspiciously long identifiers can help reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37538. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart