CVE-2026-37534: n/a
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.
AI Analysis
Technical Summary
An integer underflow in Open-SAE-J1939's SAE_J1939_Read_Transport_Protocol_Data_Transfer function allows attackers to perform arbitrary memory writes by manipulating the sequence number in CAN frames. This vulnerability exists in the codebase as of commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30). No patch or remediation information is currently provided, and the affected versions are unspecified. No CVSS score is assigned, and no known exploitation has been reported.
Potential Impact
Successful exploitation could allow an attacker to write to arbitrary memory locations, potentially leading to code execution, system instability, or denial of service. The exact impact depends on the environment and usage of the vulnerable function. No known exploits have been observed in the wild to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should monitor official Open-SAE-J1939 channels for updates and consider restricting or validating CAN frame inputs if possible to mitigate risk.
CVE-2026-37534: n/a
Description
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An integer underflow in Open-SAE-J1939's SAE_J1939_Read_Transport_Protocol_Data_Transfer function allows attackers to perform arbitrary memory writes by manipulating the sequence number in CAN frames. This vulnerability exists in the codebase as of commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30). No patch or remediation information is currently provided, and the affected versions are unspecified. No CVSS score is assigned, and no known exploitation has been reported.
Potential Impact
Successful exploitation could allow an attacker to write to arbitrary memory locations, potentially leading to code execution, system instability, or denial of service. The exact impact depends on the environment and usage of the vulnerable function. No known exploits have been observed in the wild to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should monitor official Open-SAE-J1939 channels for updates and consider restricting or validating CAN frame inputs if possible to mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-06T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4dd91cbff5d861017cf1f
Added to database: 5/1/2026, 5:06:25 PM
Last enriched: 5/1/2026, 5:22:19 PM
Last updated: 5/2/2026, 5:50:48 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.