Skip to main content

socketcand EUVDEUVD-2026-26691

| CVE-2026-37538 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-01 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 19:45 vuln.today
CVSS changed
May 01, 2026 - 19:22 NVD
7.5 (HIGH)
EUVD ID Assigned
May 01, 2026 - 17:00 euvd
EUVD-2026-26691
Analysis Generated
May 01, 2026 - 17:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.

AnalysisAI

Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.

Technical ContextAI

socketcand is a daemon that provides network access to Controller Area Network (CAN) interfaces, commonly used in automotive and industrial control systems. The vulnerability stems from CWE-121 (stack-based buffer overflow) in the main() function of socketcand.c when processing the bus_name parameter. When an attacker supplies a crafted bus_name string exceeding the allocated buffer size, it overwrites adjacent memory on the stack. While the CVSS vector indicates only availability impact (C:N/I:N/A:H), stack-based buffer overflows can theoretically enable arbitrary code execution if the overflow overwrites return addresses or function pointers. The CPE data is incomplete (cpe:2.3:a:n/a:n/a:*), making precise product matching difficult, but the GitHub repository reference confirms socketcand version 0.4.2 as the affected implementation. The vulnerability exists in initialization/configuration parsing logic executed when the daemon starts or processes connection requests.

RemediationAI

Check the socketcand GitHub repository (https://github.com/dschanoeh/socketcand) for commits addressing CVE-2026-37538 or buffer overflow fixes in socketcand.c after the 0.4.2 release - no vendor-released patch version is confirmed in the provided references, requiring manual verification of the repository's commit history and release tags. If no patched version exists, implement network-level compensating controls: restrict socketcand listener bindings to localhost or trusted management networks only (modify daemon startup parameters to bind to 127.0.0.1 instead of 0.0.0.0), deploy firewall rules allowing connections exclusively from authorized CAN gateway management systems, and apply application-layer filtering to validate bus_name length and format before reaching the vulnerable code path. For production industrial/automotive environments, consider deploying socketcand behind a reverse proxy or API gateway that enforces strict input validation on CAN bus names (maximum length limits, alphanumeric-only character sets). Monitor socketcand processes for unexpected crashes or restart loops as potential exploitation indicators. Trade-off: localhost-only binding eliminates network attack surface but breaks remote CAN interface access workflows - requires deploying management tools on the same host or tunneling through SSH. Advisory references: VulDB entry at https://vuldb.com/vuln/360777 and proof-of-concept at https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 (use PoC details to inform input validation rules).

Share

EUVD-2026-26691 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy