Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remote, unauthenticated AIS sentence injection with low complexity (AV:N/AC:L/PR:N/UI:N); the impact is a crash/DoS, so availability is rated high (VA:H) with no confidentiality or integrity impact.
Primary rating from Vendor (VulnCheck).
Description (CVE.org)
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
Analysis (AI)
Denial of service in libais through version 0.15 lets remote unauthenticated attackers crash AIS-processing services and vessel systems by sending malformed AIVDM sentences. The VdmStream::AddLine routine treats an unchecked sentinel value as a vector index when a sentence carries an empty or out-of-range sequential message ID, producing an out-of-bounds vector access (CWE-129) and potential memory corruption. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires only that the target ingest attacker-supplied AIVDM/AIVDO AIS sentences into a libais-based parser (through version 0.15) - either via an IP AIS feed the system consumes or via VHF marine radio within transmission range - and that the crafted sentence carry an empty or out-of-range sequential message ID that drives VdmStream::AddLine to use its sentinel value as a vector index. … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a remote, low-complexity, unauthenticated attack, and the impact is confined to availability (VA:H) with no confidentiality or integrity impact (VC:N/VI:N), consistent with the Denial Of Service tag and a base score of 8.7. … |
| Exploit Scenario | An attacker transmits a crafted AIVDM sentence with an empty or out-of-range sequential message ID, either over VHF marine radio within range of a target receiver or by injecting it into an IP-based AIS feed the target ingests. When libais parses it, VdmStream::AddLine indexes a vector with the unchecked sentinel value, triggering an out-of-bounds access that crashes the service or corrupts memory. … |
| Remediation | No vendor-released patch version is identified in the available data; the references point to the upstream GitHub issue (https://github.com/schwehr/libais/issues/263) rather than a tagged release, so monitor that issue and the libais repository for a fixed version and upgrade once published. … |
Recommended Action (AI)
Within 24 hours: Inventory all systems running libais versions ≤0.15 and assess network exposure to untrusted input sources. …
EUVD-2026-39523
GHSA-2f4m-q55c-v3xr