PT-2026-36507 · Agl+1 · Agl-Service-Can-Low-Level+1
Feng Ning
·
Published
2026-05-01
·
Updated
2026-05-15
·
CVE-2026-37532
CVSS v3.1
7.1
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
AGL agl-service-can-low-level versions prior to 17.1.12
Description
A heap buffer over-read exists in the isotp-c library. In the
isotp continue receive() function, the payload length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, which can result in values from 0 to 15. Since a standard CAN frame is only 8 bytes and the payload starts at data[1], only 7 bytes are available. If the payload length exceeds the available data, the memcpy() function reads up to 8 bytes beyond the end of the data buffer.Recommendations
Update to a version newer than 17.1.12.
Fix
Buffer Over-read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Agl-Service-Can-Low-Level
Isotp-C