Description
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
Published: 2026-06-25
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in libais version 0.15’s VdmStream::AddLine function, which uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out‑of‑range sequential message IDs. This out‑of‑bounds vector access can corrupt memory or trigger a crash, leading to denial of service on services or vessel systems that rely on AIS data. The weakness is a classic example of CWE‑129.

Affected Systems

The affected product is libais by schwehr, specifically version 0.15 and earlier that has not applied the recent fix. Any system that incorporates this library—such as AIS receivers, maritime navigation software, or monitoring services—could be impacted if they parse AIS messages without validating sequential IDs.

Risk and Exploitability

The CVSS score of 8.7 classifies this issue as high severity. While the EPSS score is not available, the vulnerability can be exploited remotely by an attacker who broadcasts malformed AIVDM sentences over VHF marine radio or IP feeds to the target system. The resulting out‑of‑bounds access can crash the service or corrupt data, potentially leading to system downtime or safety impacts. The vulnerability is not yet listed in CISA’s KEV catalog, but its high severity warrants immediate attention.

Generated by OpenCVE AI on June 25, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest libais release that contains the fix for VdmStream::AddLine (currently unavailable, so check vendor for a patch).
  • Restrict AIS message input to trusted sources by configuring firewall or AIS gateway rules to filter out messages with empty or out‑of‑range sequential IDs.
  • Add custom input validation in the AIS handling code to check that sequential message IDs fall within the allowed range before using them as a vector index, as a temporary workaround until a vendor patch is available.

Generated by OpenCVE AI on June 25, 2026 at 19:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Schwehr
Schwehr libais
Vendors & Products Schwehr
Schwehr libais

Thu, 25 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
Title libais 0.15 - Out-of-bounds Vector Access in VdmStream::AddLine via Invalid Sequential Message ID
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-25T18:28:44.344Z

Reserved: 2026-06-22T21:55:17.942Z

Link: CVE-2026-56770

cve-icon Vulnrichment

Updated: 2026-06-25T18:28:39.341Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:36:42Z

Weaknesses
  • CWE-129

    Improper Validation of Array Index