Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.
AnalysisAI
Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.
Technical ContextAI
socketcand is a daemon that provides network access to Controller Area Network (CAN) interfaces, commonly used in automotive and industrial control systems. The vulnerability stems from CWE-121 (stack-based buffer overflow) in the main() function of socketcand.c when processing the bus_name parameter. When an attacker supplies a crafted bus_name string exceeding the allocated buffer size, it overwrites adjacent memory on the stack. While the CVSS vector indicates only availability impact (C:N/I:N/A:H), stack-based buffer overflows can theoretically enable arbitrary code execution if the overflow overwrites return addresses or function pointers. The CPE data is incomplete (cpe:2.3:a:n/a:n/a:*), making precise product matching difficult, but the GitHub repository reference confirms socketcand version 0.4.2 as the affected implementation. The vulnerability exists in initialization/configuration parsing logic executed when the daemon starts or processes connection requests.
RemediationAI
Check the socketcand GitHub repository (https://github.com/dschanoeh/socketcand) for commits addressing CVE-2026-37538 or buffer overflow fixes in socketcand.c after the 0.4.2 release - no vendor-released patch version is confirmed in the provided references, requiring manual verification of the repository's commit history and release tags. If no patched version exists, implement network-level compensating controls: restrict socketcand listener bindings to localhost or trusted management networks only (modify daemon startup parameters to bind to 127.0.0.1 instead of 0.0.0.0), deploy firewall rules allowing connections exclusively from authorized CAN gateway management systems, and apply application-layer filtering to validate bus_name length and format before reaching the vulnerable code path. For production industrial/automotive environments, consider deploying socketcand behind a reverse proxy or API gateway that enforces strict input validation on CAN bus names (maximum length limits, alphanumeric-only character sets). Monitor socketcand processes for unexpected crashes or restart loops as potential exploitation indicators. Trade-off: localhost-only binding eliminates network attack surface but breaks remote CAN interface access workflows - requires deploying management tools on the same host or tunneling through SSH. Advisory references: VulDB entry at https://vuldb.com/vuln/360777 and proof-of-concept at https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 (use PoC details to inform input validation rules).
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26691