Description
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.
Published: 2026-05-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A defect in the SAE_J1939_Read_Binary_Data_Transfer_DM16 routine of Open-SAE-J1939 allows an attacker to send a specially crafted CAN frame that causes the library to enter an error state and stop processing legitimate traffic, resulting in a denial of service. The flaw originates from insufficient validation of the incoming data field in the DM16 packet, leading to an unchecked condition that halts the receiving loop. The impact is restricted to the device or system that runs this implementation, causing loss of J1939 bus functionality until the process is reset.

Affected Systems

Open-SAE-J1939 is the only affected project; the vulnerability applies to any product that incorporates the library unchanged and runs a J1939 stack built from the vulnerable commit b6caf884df46435e539b1ecbf92b6c29b345bdfe or earlier.

Risk and Exploitability

Based on the description, it is inferred that an attacker must have physical or logical access to inject a malicious CAN frame, limiting the risk surface to components connected to the J1939 network. The CVSS score is 7.5 and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation in the wild. Nevertheless, because the denial of service can halt critical engine management or safety systems, the potential impact on safety and operational continuity is significant. The threat is plausible in environments where J1939 traffic is not inspected or rate-limited.

Generated by OpenCVE AI on May 2, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Open-SAE-J1939 library to a version that includes the commit that fixes the DM16 parsing logic.
  • If an update is unavailable, isolate the J1939 network by restricting access to devices that must exchange the bus traffic and consider disabling unused ports.
  • Enable logging of malformed J1939 frames and monitor for repeated trigger patterns that suggest an ongoing denial-of-service attempt.

Advisories

No advisories yet.

History

Sat, 02 May 2026 11:15:00 +0000

Type        | Values Removed | Values Added
Title       |                | Denial of Service via Crafted CAN Frame on J1939 Bus

Fri, 01 May 2026 18:15:00 +0000

Type        | Values Removed | Values Added
Weaknesses  |                | CWE-400
Metrics     |                | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
            |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 17:00:00 +0000

Type        | Values Removed | Values Added
Description |                | An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.
References  |                |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T17:48:06.483Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42467

Vulnrichment

Updated: 2026-05-01T17:48:02.311Z

NVD

Status: Received

Published: 2026-05-01T17:16:25.027

Modified: 2026-05-01T18:16:15.497

Link: CVE-2026-42467

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T11:00:06Z

Weaknesses