Open-SAE-J1939 Denial-of-Service Vulnerability via Crafted CAN Frame
Vulnerability
A denial-of-service vulnerability has been identified in the Open-SAE-J1939 library, specifically in the SAE_J1939_Read_Binary_Data_Transfer_DM16 function, prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe. The issue arises from improper handling of CAN frames on the J1939 bus, allowing crafted frames to disrupt normal operation.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.
Added: May 1, 2026, 5:23 PM
Updated: May 1, 2026, 5:23 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.9
remediation: 0.0
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
