QSearchQSearch

CVE-2026-37530

7.5 HIGH

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library

Published: 2026-05-01 · Last updated: 2026-05-20

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-121

Affected products

VendorProduct
linuxfoundationautomotive_grade_linux

Description

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-44477 CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments (9.9 CRITICAL)
  • CVE-2026-44247 Volcano is a Kubernetes-native batch scheduling system (6.8 MEDIUM)
  • CVE-2026-44374 Backstage is an open framework for building developer portals (4.3 MEDIUM)
  • CVE-2026-45321 On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm ... (9.6 CRITICAL)
  • CVE-2026-37531 AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-... (9.8 CRITICAL)

Same CWE

  • CVE-2026-49760 Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
  • CVE-2026-49759 Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
  • CVE-2026-26241 A buffer overflow vulnerability has been reported to affect File Station 5
  • CVE-2026-26240 A buffer overflow vulnerability has been reported to affect File Station 5
  • CVE-2026-26239 A buffer overflow vulnerability has been reported to affect File Station 5