CVE-2026-56770
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.
Risk Assessment
This vulnerability can lead to crashes of marine systems and potential memory corruption, posing a serious threat to maritime operational safety.
Recommendation
It is recommended to update libais to a version above 0.15 to mitigate this vulnerability and implement additional input validation mechanisms.
Original NVD description (English source)
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.

