CVE-2026-42485

Name of the Vulnerable Software and Affected Versions agl-service-can-low-level (affected versions not specified)

Description A stack buffer overflow exists in the uds-c library. The send diagnostic request() function in uds.c allocates a 6-byte stack buffer but copies up to 7 bytes via memcpy at an offset of 1+pid length (2-3 bytes), allowing 1-4 bytes of controlled stack overflow. This occurs because the payload length variable lacks a bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries (security mechanisms that detect stack buffer overflows), this can lead to return address overwrite and remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.