CVE-2026-37537

Name of the Vulnerable Software and Affected Versions collin80/Open-SAE-J1939 versions prior to commit 744024d4306bc387857dfce439558336806acb06

Description An integer underflow exists in the Transport Protocol Data Transfer handling. When the sequence number from a CAN frame, represented by the variable data[0], is 0, the index variable underflows to 255. This leads to an out-of-bounds write where data is written to an offset of 1791, exceeding the 1785-byte MAX TP DT buffer by 6 bytes.

Recommendations Update to a version containing commit 744024d4306bc387857dfce439558336806acb06 or later.