The vulnerability in miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a involves a stack buffer overflow in the send_diagnostic_request function. A 6-byte buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) is overflowed because memcpy copies payload_length bytes at an offset calculated as 1 + pid_length, where payload_length can be up to 7 (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7). This results in copying up to 10 bytes into a 6-byte buffer, exceeding its capacity by 4 bytes without any bounds checking. The CVSS 3.1 score is 8.8, indicating high severity with attack complexity low, attack vector adjacent network, and impacts on confidentiality, integrity, and availability all rated high. There is no vendor advisory or patch information available at this time.

Successful exploitation of this stack buffer overflow can lead to memory corruption, potentially allowing an attacker to execute arbitrary code, cause denial of service, or compromise system confidentiality and integrity. The CVSS score of 8.8 reflects the high impact on confidentiality, integrity, and availability. However, no known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid processing untrusted input that could trigger this vulnerability. Monitor for updates from the project maintainers or vendor regarding patches or mitigations.