Open-SAE-J1939 Integer Underflow Vulnerability Allowing Arbitrary Memory Write

Vulnerability

An integer underflow vulnerability has been identified in the Open-SAE-J1939 library, specifically in versions through commit b6caf884df46435e539b1ecbf92b6c29b345bdfe. This vulnerability arises in the 'SAE_J1939_Read_Transport_Protocol_Data_Transfer' function, where the library improperly calculates the size of incoming data from CAN frames. Attackers can exploit this flaw by sending crafted CAN frames that manipulate the sequence number, leading to out-of-bounds memory writes.
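The class of bug described above, shown as an added example that is not code from Open-SAE-J1939: an unchecked offset calculation next to a bounds-checked receive routine. It assumes the standard J1939-21 TP.DT layout (byte 0 is the sequence number, followed by 7 data bytes, at most 255 packets); `tp_session`, `tp_offset_unchecked`, `tp_store_frame` and `tp_demo` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TP_DT_PAYLOAD 7u     /* data bytes per TP.DT frame (J1939-21) */
#define TP_MAX_BYTES  1785u  /* 255 packets * 7 bytes */

/* Hypothetical reassembly state, filled from the TP.CM announcement. */
typedef struct {
    uint16_t total_bytes;    /* announced message size */
    uint8_t  total_packets;  /* announced number of TP.DT frames */
    uint8_t  data[TP_MAX_BYTES];
} tp_session;

/* Unchecked pattern (offset only, no write): the index is computed in
 * uint8_t, so sequence number 0 wraps to 255. */
size_t tp_offset_unchecked(uint8_t seq) {
    uint8_t index = (uint8_t)(seq - 1u);
    return (size_t)index * TP_DT_PAYLOAD;
}

/* Hardened: validate the sequence number against the announcement before
 * computing any offset, and copy only bytes that belong to the message.
 * Returns the number of bytes stored, or -1 if the frame is rejected. */
int tp_store_frame(tp_session *s, const uint8_t frame[8]) {
    uint8_t seq = frame[0];
    if (s->total_bytes == 0 || s->total_bytes > TP_MAX_BYTES) return -1;
    if (seq == 0 || seq > s->total_packets) return -1;
    size_t off = (size_t)(seq - 1u) * TP_DT_PAYLOAD;
    if (off >= s->total_bytes) return -1;
    size_t n = s->total_bytes - off;
    if (n > TP_DT_PAYLOAD) n = TP_DT_PAYLOAD;
    memcpy(&s->data[off], &frame[1], n);
    return (int)n;
}

/* Constructed sample: a 20-byte message announced as 3 packets. */
int tp_demo(uint8_t seq) {
    static tp_session s;
    uint8_t frame[8] = { seq, 'A', 'B', 'C', 'D', 'E', 'F', 'G' };
    s.total_bytes = 20;
    s.total_packets = 3;
    return tp_store_frame(&s, frame);
}

int main(void) {
    printf("unchecked offset for seq 0: %zu (buffer is %u bytes)\n",
           tp_offset_unchecked(0), TP_MAX_BYTES);
    for (int seq = 0; seq <= 4; seq++)
        printf("seq %d -> %d\n", seq, tp_demo((uint8_t)seq));
    return 0;
}
```

The unchecked offset for sequence number 0 equals the buffer size, which is the first byte past the end of the reassembly buffer; the hardened routine rejects that frame and any sequence number beyond the announced packet count.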

Impact

Exploitation of this vulnerability allows for arbitrary memory writes, which can potentially lead to memory corruption or execution of injected code.

Reproduction

To reproduce this vulnerability, send a CAN frame with a manipulated sequence number that exploits the integer underflow in the 'SAE_J1939_Read_Transport_Protocol_Data_Transfer' function. The crafted frame should be delivered over the CAN bus, either through the network or directly on the local bus.

Added: May 1, 2026, 5:27 PM
Updated: May 1, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 6.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.