CVE-2026-37537: n/a
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index underflows to 255. Subsequent write at tp_dt->data[255*7 + i-1] reaches offset 1791, exceeding the MAX_TP_DT buffer (1785 bytes) by 6 bytes.
AI Analysis
Technical Summary
CVE-2026-37537 describes an integer underflow in the Open-SAE-J1939 project up to commit 744024d4306bc387857dfce439558336806acb06. The issue occurs in the Transport Protocol Data Transfer code where a uint8_t index is calculated as data[0] - 1. If data[0] is zero, the index underflows to 255, causing subsequent writes to exceed the MAX_TP_DT buffer size by 6 bytes, resulting in an out-of-bounds write. This vulnerability can lead to memory corruption and potentially arbitrary code execution or denial of service depending on exploitation context. The CVSS 3.1 score is 8.1, reflecting high impact on availability and integrity with low attack complexity and no privileges required.
Potential Impact
The vulnerability allows an attacker to cause an out-of-bounds write by sending a CAN frame with a sequence number of zero, leading to memory corruption. This can impact the integrity and availability of the affected system. There is no indication of confidentiality impact. No known exploits are reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users should monitor the Open-SAE-J1939 project for updates. Until a fix is released, consider applying input validation or filtering on CAN frames to prevent sequence number zero if feasible in the deployment environment.
CVE-2026-37537: n/a
Description
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index underflows to 255. Subsequent write at tp_dt->data[255*7 + i-1] reaches offset 1791, exceeding the MAX_TP_DT buffer (1785 bytes) by 6 bytes.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-37537 describes an integer underflow in the Open-SAE-J1939 project up to commit 744024d4306bc387857dfce439558336806acb06. The issue occurs in the Transport Protocol Data Transfer code where a uint8_t index is calculated as data[0] - 1. If data[0] is zero, the index underflows to 255, causing subsequent writes to exceed the MAX_TP_DT buffer size by 6 bytes, resulting in an out-of-bounds write. This vulnerability can lead to memory corruption and potentially arbitrary code execution or denial of service depending on exploitation context. The CVSS 3.1 score is 8.1, reflecting high impact on availability and integrity with low attack complexity and no privileges required.
Potential Impact
The vulnerability allows an attacker to cause an out-of-bounds write by sending a CAN frame with a sequence number of zero, leading to memory corruption. This can impact the integrity and availability of the affected system. There is no indication of confidentiality impact. No known exploits are reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users should monitor the Open-SAE-J1939 project for updates. Until a fix is released, consider applying input validation or filtering on CAN frames to prevent sequence number zero if feasible in the deployment environment.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-06T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4dd91cbff5d861017cf2d
Added to database: 5/1/2026, 5:06:25 PM
Last enriched: 5/1/2026, 5:21:39 PM
Last updated: 5/2/2026, 5:50:17 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.