CVE-2026-37532
CVE-2026-37532 affects AGL agl-service-can-low-level up to version 17.1.12, with a heap buffer over-read in the isotp-c library. In isotp_continue_receive, payload_length for a Single Frame is read from a 4-bit nibble, yielding 0–15, but a standard CAN frame has only 8 bytes and payload starts at...