CVE Catalog

CVE-2026-37539

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-37539 describes a buffer overflow vulnerability in version 2.0.0 of the cannelloni software occurring during CAN frame parsing in the parseCANFrame and decodeFrame functions. This allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted CAN FD frames.

Risk Assessment

The risk to the organization includes the potential for remote denial of service or unauthorized code execution, which could lead to loss of availability or data security breaches.

Recommendation

It is recommended to update the cannelloni software to the latest version that includes security patches and to monitor systems for unauthorized access attempts.

Original NVD description (English source)

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS