CVE-2026-37530

Name of the Vulnerable Software and Affected Versions agl-service-can-low-level versions prior to 17.1.12

Description A stack buffer overflow exists in the uds-c library. The send diagnostic request() function in uds.c allocates a 6-byte stack buffer but copies up to 7 bytes via memcpy at an offset of 1+pid length, allowing 1-4 bytes of controlled stack overflow. This occurs because the payload length variable lacks a bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries (security mechanisms that detect stack buffer overflows), this can lead to return address overwrite and remote code execution (RCE).

Recommendations Update to version 17.1.12 or later.