CVE-2026-37534

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe

Description An integer underflow exists in the SAE J1939 Read Transport Protocol Data Transfer() function. This allows attackers to write to arbitrary memory by using a crafted sequence number from the CAN frame.

Recommendations Update to a version containing commit b6caf884df46435e539b1ecbf92b6c29b345bdfe.

Fix

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

CVE-2026-37534

Affected Products

Undefined

CVE-2026-37534

Weakness Enumeration

Related Identifiers

Affected Products

References · 7