PT-2026-36509 · Openxc · Isotp-C
Feng Ning · Published 2026-05-01 · Updated 2026-05-07 · CVE-2026-37535
CVSS v3.1: 7.1 (High)
| Vector | AC:L/AV:A/A:H/C:L/I:N/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
openxc/isotp-c versions prior to commit 5a5d19245f65189202719321facd49ce6f5d46ac
Description
An out-of-bounds read exists in the ISO-TP Single Frame receive handler. The handler takes the 4-bit payload length nibble from the frame's PCI byte and uses it directly as the memcpy size, without validating it against the actual data length of the received CAN frame. A malicious CAN frame carrying an oversized length nibble can therefore trigger memory reads beyond the buffer, potentially leading to a denial of service or the exposure of sensitive information.
Recommendations
Update to a version of openxc/isotp-c released after commit 5a5d19245f65189202719321facd49ce6f5d46ac.
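To make the missing check concrete, the following is an added illustration written for this note, not code from openxc/isotp-c: a minimal Single Frame decoder in the vulnerable shape the description gives, beside a hardened version that bounds the length nibble by the bytes actually present in the CAN frame and by the protocol maximum. The function names, the 8-byte classic CAN limit and the sample frames are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical decoder for this note, not the openxc/isotp-c handler.
 * Classic CAN carries at most 8 data bytes; an ISO-TP Single Frame
 * (PCI type 0) stores its payload length in the low nibble of byte 0
 * and at most 7 payload bytes after it. */
#define CAN_MAX_DLC          8
#define ISOTP_SF_MAX_PAYLOAD 7

/* Vulnerable pattern described in the advisory: the attacker-controlled
 * nibble is trusted as the memcpy size. With data_len == 2 and a nibble
 * of 7, six bytes past the end of the frame are read. Shown for contrast;
 * never use it. */
int isotp_sf_receive_unchecked(const uint8_t *data, size_t data_len,
                               uint8_t *out)
{
    (void)data_len;                     /* the bug: length never consulted */
    size_t len = data[0] & 0x0F;
    memcpy(out, data + 1, len);
    return (int)len;
}

/* Hardened version. Returns the number of payload bytes copied into out,
 * or -1 if the frame is rejected. out must hold ISOTP_SF_MAX_PAYLOAD bytes. */
int isotp_sf_receive(const uint8_t *data, size_t data_len, uint8_t *out)
{
    if (data == NULL || out == NULL || data_len < 1 || data_len > CAN_MAX_DLC)
        return -1;
    if ((data[0] >> 4) != 0)            /* PCI type 0 = Single Frame */
        return -1;

    size_t len = data[0] & 0x0F;        /* attacker-controlled nibble */

    /* The check the vulnerable handler lacks: the nibble must not exceed
     * the bytes actually present after the PCI byte (data_len - 1), nor
     * the Single Frame maximum of 7. A zero length is also invalid. */
    if (len == 0 || len > ISOTP_SF_MAX_PAYLOAD || len > data_len - 1)
        return -1;

    memcpy(out, data + 1, len);
    return (int)len;
}
```

A frame such as the constructed `{0x07, 'a'}` (nibble 7, one payload byte present) is rejected by the hardened decoder, while `{0x03, 'a', 'b', 'c'}` decodes to three bytes.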
Tags: Fix · DoS · Out-of-bounds Read
Affected Products
Isotp-C