CVE-2026-37538
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in socketcand via crafted bus_name

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: MITRE

Description
Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-37538
EUVD
EUVD-2026-26691
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
openxc isotp-c *
miaofng uds-c *
collin80 open-sae-j1939 *
openamp openamp 2025.10.0
open_vehicle_monitoring_system open_vehicle_monitoring_system 3.3.005
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-37538 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a buffer overflow in the socketcand 0.4.2 software, specifically in the main function within the socketcand.c file. It occurs when the software processes a crafted bus_name, which can cause the program to behave unexpectedly.

A buffer overflow happens when more data is written to a buffer than it can hold, potentially overwriting adjacent memory and leading to crashes or other unpredictable behavior.

Impact Analysis

Exploiting this buffer overflow vulnerability can cause a denial of service (DoS), meaning the affected software could crash or become unresponsive.

Additionally, there may be other unspecified impacts, which could include unauthorized code execution or other security issues, but these are not detailed in the available information.

Detection Guidance

This vulnerability involves a buffer overflow in socketcand 0.4.2 caused by a crafted CAN frame identifier string that is too long. Detection would involve monitoring for unusually long or malformed CAN frame identifiers being sent to the socketcand service.

Since the vulnerability is triggered by a crafted CAN frame, network or system detection could include capturing CAN traffic and inspecting frame identifiers for abnormal length or unexpected values.

Specific commands are not provided in the available resources, but general approaches could include using tools like can-utils (candump) to capture CAN frames and custom scripts to analyze the length of CAN frame identifiers.

Mitigation Strategies

Immediate mitigation steps include restricting access to the socketcand service to trusted users and networks to prevent attackers from sending crafted CAN frames.

Since socketcand 0.4.2 is affected and the project is deprecated, consider upgrading to a maintained version or switching to the official linux-can/socketcand repository for a version that may have patches or improved security.

Additionally, monitoring and filtering CAN traffic to block frames with suspiciously long identifiers can help reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37538. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart