
libais EUVD-2026-39523

CVE-2026-56770 HIGH
Improper Validation of Array Index (CWE-129)
2026-06-25 VulnCheck GHSA-2f4m-q55c-v3xr
8.7 (CVSS 4.0 · Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Remote unauthenticated AIS sentence injection with low complexity (AV:N/AC:L/PR:N/UI:N); impact is a crash/DoS so A:H with no confidentiality or integrity impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Jun 25, 2026 - 18:52 (vuln.today)

Description (CVE.org)

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.

Analysis (AI)

Denial of service in libais through version 0.15 lets remote unauthenticated attackers crash AIS-processing services and vessel systems by sending malformed AIVDM sentences. The VdmStream::AddLine routine treats an unchecked sentinel value as a vector index when a sentence carries an empty or out-of-range sequential message ID, producing an out-of-bounds vector access (CWE-129) and potential memory corruption. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain access to target AIS feed or VHF range
Delivery: Craft AIVDM sentence with invalid sequential message ID
Exploit: Transmit to libais parser
Execution: Sentinel value used as vector index
Persist: Out-of-bounds vector access
Impact: Service or vessel system crashes (DoS)

Vulnerability Assessment (AI)

Exploitation: Exploitation requires only that the target ingest attacker-supplied AIVDM/AIVDO AIS sentences into a libais-based parser (through version 0.15), either via an IP AIS feed the system consumes or via VHF marine radio within transmission range, and that the crafted sentence carry an empty or out-of-range sequential message ID that drives VdmStream::AddLine to use its sentinel value as a vector index. …
Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a remote, low-complexity, unauthenticated attack, and the impact is confined to availability (VA:H) with no confidentiality or integrity impact (VC:N/VI:N), consistent with the Denial Of Service tag and a base score of 8.7. …
Exploit Scenario: An attacker transmits a crafted AIVDM sentence with an empty or out-of-range sequential message ID, either over VHF marine radio within range of a target receiver or by injecting it into an IP-based AIS feed the target ingests. When libais parses it, VdmStream::AddLine indexes a vector with the unchecked sentinel value, triggering an out-of-bounds access that crashes the service or corrupts memory. …
Remediation: No vendor-released patch version is identified in the available data; the references point to the upstream GitHub issue (https://github.com/schwehr/libais/issues/263) rather than a tagged release, so monitor that issue and the libais repository for a fixed version and upgrade once published. …
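
A compensating control while no fixed release is identified, as an added example (not libais code and not part of the advisory): a pre-filter that drops AIVDM/AIVDO sentences whose sequential message ID could not safely index a reassembly slot. The seven-field NMEA layout, the 0-9 ID range and accepting an empty ID only on single-sentence messages are assumptions, since the page does not give the exact trigger; `SplitFields`, `DigitOrInvalid` and `IsSafeVdmHeader` are names made up for this example.

```cpp
// Added example: AIVDM/AIVDO pre-filter to run in front of a libais-based parser.
// Assumed layout: !AIVDM,<total>,<number>,<seq id>,<channel>,<payload>,<fill>*<cksum>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

static std::vector<std::string> SplitFields(const std::string& s) {
  std::vector<std::string> out;
  std::size_t start = 0;
  for (;;) {
    const std::size_t comma = s.find(',', start);
    if (comma == std::string::npos) {
      out.push_back(s.substr(start));
      return out;
    }
    out.push_back(s.substr(start, comma - start));
    start = comma + 1;
  }
}

// Returns 0-9 for a one-character decimal field, or the sentinel -1 for
// anything else (empty, signed, multi-digit, non-numeric).
static int DigitOrInvalid(const std::string& field) {
  if (field.size() != 1 || field[0] < '0' || field[0] > '9') return -1;
  return field[0] - '0';
}

// True only if the header fields are consistent and the sequential message ID
// is usable as an index in 0..9 whenever the message spans several sentences.
bool IsSafeVdmHeader(const std::string& line) {
  const std::vector<std::string> f = SplitFields(line.substr(0, line.find('*')));
  if (f.size() != 7) return false;
  if (f[0] != "!AIVDM" && f[0] != "!AIVDO") return false;
  const int total = DigitOrInvalid(f[1]);
  const int number = DigitOrInvalid(f[2]);
  if (total < 1 || number < 1 || number > total) return false;
  const int seq = DigitOrInvalid(f[3]);
  // Assumption: an empty ID is normal on single-sentence messages only.
  if (total == 1) return f[3].empty() || seq >= 0;
  return seq >= 0;  // the sentinel never reaches the downstream parser
}

int main() {  // forwards safe sentences from stdin to stdout, drops the rest
  std::string line;
  while (std::getline(std::cin, line)) {
    if (IsSafeVdmHeader(line)) std::cout << line << '\n';
  }
  return 0;
}
```

The filter fails closed: sentences with a TAG block prefix or any other unexpected framing are dropped rather than forwarded, and the NMEA checksum is not verified here.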

Recommended Action (AI)

Within 24 hours: Inventory all systems running libais versions ≤0.15 and assess network exposure to untrusted input sources. …
