CVE-2026-37538
Buffer Overflow in socketcand via crafted bus_name
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openxc | isotp-c | * |
| miaofng | uds-c | * |
| collin80 | open-sae-j1939 | * |
| openamp | openamp | 2025.10.0 |
| open_vehicle_monitoring_system | open_vehicle_monitoring_system | 3.3.005 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the socketcand 0.4.2 software, specifically in the main function within the socketcand.c file. It occurs when the software processes a crafted bus_name, which can cause the program to behave unexpectedly.
A buffer overflow happens when more data is written to a buffer than it can hold, potentially overwriting adjacent memory and leading to crashes or other unpredictable behavior.
How can this vulnerability impact me? :
Exploiting this buffer overflow vulnerability can cause a denial of service (DoS), meaning the affected software could crash or become unresponsive.
Additionally, there may be other unspecified impacts, which could include unauthorized code execution or other security issues, but these are not detailed in the available information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-37538 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a buffer overflow in socketcand 0.4.2 caused by a crafted CAN frame identifier string that is too long. Detection would involve monitoring for unusually long or malformed CAN frame identifiers being sent to the socketcand service.
Since the vulnerability is triggered by a crafted CAN frame, network or system detection could include capturing CAN traffic and inspecting frame identifiers for abnormal length or unexpected values.
Specific commands are not provided in the available resources, but general approaches could include using tools like can-utils (candump) to capture CAN frames and custom scripts to analyze the length of CAN frame identifiers.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the socketcand service to trusted users and networks to prevent attackers from sending crafted CAN frames.
Since socketcand 0.4.2 is affected and the project is deprecated, consider upgrading to a maintained version or switching to the official linux-can/socketcand repository for a version that may have patches or improved security.
Additionally, monitoring and filtering CAN traffic to block frames with suspiciously long identifiers can help reduce the risk of exploitation.