Open-SAE-J1939 Integer Underflow Vulnerability Leading to Out-of-Bounds Write
Vulnerability
A vulnerability exists in the Open-SAE-J1939 library in its handling of the J1939 Transport Protocol Data Transfer (TP.DT). The issue is an integer underflow that leads to an out-of-bounds write: when the sequence number in a received CAN frame is zero, the calculated buffer index underflows and the subsequent write lands beyond the allocated buffer. The vulnerability is present in all versions up to and including commit 744024d4306bc387857dfce439558336806acb06.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, leading to heap corruption.
Reproduction
The vulnerability can be reproduced by sending a crafted CAN frame with a sequence number of zero. This will trigger the integer underflow, causing the subsequent write operation to exceed the maximum buffer size by six bytes.
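The following is an added example written for this advisory, not the Open-SAE-J1939 code itself. It models TP.DT reassembly with hypothetical names (`tp_session`, `unsafe_index`, `tp_dt_handle`) and standard J1939 sizes (7 payload bytes per packet, at most 255 packets, a 1785-byte buffer). `unsafe_index` shows the underflow pattern the advisory describes: the packet index is computed from the sequence number without first checking that it is at least 1, so a zero wraps and the index ends up at the end of the buffer. `tp_dt_handle` is the hardened form: it validates the sequence number against the packet count announced in TP.CM before computing any index and clamps the copy length to the bytes that remain.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of J1939 TP.DT reassembly, added as an example for this
 * advisory; it is not the Open-SAE-J1939 code. A TP.DT frame carries one
 * sequence byte (valid values 1..255) followed by up to 7 payload bytes. */
#define TP_DT_PAYLOAD   7
#define TP_MAX_PACKETS  255
#define TP_MAX_BYTES    (TP_DT_PAYLOAD * TP_MAX_PACKETS)   /* 1785 */

struct tp_session {
    uint8_t  data[TP_MAX_BYTES];   /* reassembly buffer */
    uint16_t total_bytes;          /* message size announced by TP.CM */
    uint8_t  total_packets;        /* packet count announced by TP.CM */
};

/* The underflow pattern: the index is derived from seq without first checking
 * that seq >= 1. The subtraction is done in int and the result is narrowed to
 * uint8_t, so seq == 0 becomes packet 255 and the index lands at the end of
 * the buffer; a following 7-byte copy would run past it. */
static size_t unsafe_index(uint8_t seq)
{
    uint8_t packet = (uint8_t)(seq - 1);       /* 0 - 1 wraps to 255 */
    return (size_t)packet * TP_DT_PAYLOAD;     /* 1785 for seq == 0 */
}

/* Start a session; reject sizes the protocol cannot carry. */
static bool tp_session_init(struct tp_session *s, uint16_t total_bytes)
{
    if (total_bytes == 0 || total_bytes > TP_MAX_BYTES)
        return false;
    memset(s, 0, sizeof *s);
    s->total_bytes   = total_bytes;
    s->total_packets = (uint8_t)((total_bytes + TP_DT_PAYLOAD - 1) / TP_DT_PAYLOAD);
    return true;
}

/* Hardened handler: validate the sequence number against the announced packet
 * count before computing any index, and clamp the copy length to the bytes
 * that remain. Returns the number of bytes stored, or -1 if the frame is rejected. */
static int tp_dt_handle(struct tp_session *s, const uint8_t frame[8])
{
    uint8_t seq = frame[0];
    if (seq == 0 || seq > s->total_packets)    /* rejects the underflow case and overruns */
        return -1;
    size_t index = (size_t)(seq - 1) * TP_DT_PAYLOAD;
    if (index >= s->total_bytes)               /* redundant after the check above; kept as a second guard */
        return -1;
    size_t remaining = s->total_bytes - index;
    size_t n = remaining < TP_DT_PAYLOAD ? remaining : TP_DT_PAYLOAD;
    memcpy(&s->data[index], &frame[1], n);
    return (int)n;
}

/* Demonstration helper: one constructed TP.DT frame with the given sequence
 * number against a fresh session announcing total_bytes bytes. */
static int check_frame(uint16_t total_bytes, uint8_t seq)
{
    struct tp_session s;
    if (!tp_session_init(&s, total_bytes))
        return -1;
    uint8_t frame[8] = { seq, 'A', 'B', 'C', 'D', 'E', 'F', 'G' };  /* constructed payload */
    return tp_dt_handle(&s, frame);
}

int main(void)
{
    printf("unsafe index for seq 0: %zu (buffer is %d bytes)\n",
           unsafe_index(0), TP_MAX_BYTES);
    printf("seq 0 on a 20-byte message: %d (rejected)\n", check_frame(20, 0));
    printf("seq 1: %d, seq 3: %d, seq 4: %d\n",
           check_frame(20, 1), check_frame(20, 3), check_frame(20, 4));
    return 0;
}
```

The two checks worth carrying into any TP.DT implementation are the ones in `tp_dt_handle`: the sequence number must be in `1..total_packets` before it is turned into an offset, and the last packet's copy must be clamped to the announced message length rather than always copying seven bytes. In fuzzing or CAN-bus monitoring, a TP.DT frame whose first byte is zero is never valid and is a useful trigger for logging.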
