3 matches found
CVE-2026-37532
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...
CVE-2026-37532
CVE-2026-37532 affects AGL agl-service-can-low-level up to version 17.1.12, with a heap buffer over-read in the isotp-c library. In isotp_continue_receive, payload_length for a Single Frame is read from a 4-bit nibble, yielding 0–15, but a standard CAN frame has only 8 bytes and payload starts at...
PT-2026-36507
Name of the Vulnerable Software and Affected Versions AGL agl-service-can-low-level versions prior to 17.1.12 Description A heap buffer over-read exists in the isotp-c library. In the isotp continue receive function, the payload length for a Single Frame is extracted from a 4-bit nibble in the CA...