CVE-2026-37530

Published: May 1, 2026

Modified: May 1, 2026

PUBLISHED

Description

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level

https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-37530

Description

Affected Products

References