AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buff…

Published: 30 April 2026 at 22:00:00

Alert date: 1 May 2026 at 20:05:46

Source: nvd.nist.gov

Mobile & IoT, Critical Infrastructure

CVE-2026-42485 affects AGL agl-service-can-low-level's uds-c library with a stack buffer overflow vulnerability. The send_diagnostic_request function in uds.c allocates a 6-byte buffer but copies up to 7 bytes via memcpy, causing 1-4 bytes of controlled stack overflow. The payload_length field lacks bounds checking against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this vulnerability can lead to return address overwrite and remote code execution. The vulnerability specifically impacts automotive systems running Automotive Grade Linux (AGL).
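The missing bounds check described above, as an added example (not the uds-c source and not the project's fix): a constructed C model that uses the 6-byte and 7-byte sizes from the advisory. The struct, the function names and the `header_len` offset are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF_SIZE  6   /* destination size stated in the advisory */
#define MAX_PAYLOAD_LEN 7   /* largest payload the advisory says is copied */

/* Hypothetical request layout; names are illustrative, not the uds-c structs. */
struct diag_request {
    uint8_t payload[MAX_PAYLOAD_LEN];
    uint8_t payload_length;             /* caller-controlled length field */
};

/* Bytes an unchecked memcpy would write past dst (0 when the copy fits).
 * header_len (bytes already used at the front of dst) is an assumption. */
size_t overflow_bytes(size_t dst_size, size_t header_len, size_t payload_length)
{
    size_t end = header_len + payload_length;
    return end > dst_size ? end - dst_size : 0;
}

/* Checked copy: returns bytes used in dst, or -1 when the request is rejected. */
int build_frame(uint8_t *dst, size_t dst_size, size_t header_len,
                const struct diag_request *req)
{
    if (dst == NULL || req == NULL)
        return -1;
    if (req->payload_length > sizeof(req->payload))   /* source bound */
        return -1;
    /* Destination bound, written as a subtraction so it cannot wrap. */
    if (header_len > dst_size || req->payload_length > dst_size - header_len)
        return -1;
    memcpy(dst + header_len, req->payload, req->payload_length);
    return (int)(header_len + req->payload_length);
}

int main(void)
{
    struct diag_request req = { {1, 2, 3, 4, 5, 6, 7}, 7 };  /* constructed input */
    uint8_t frame[FRAME_BUF_SIZE] = {0};

    printf("len 7: unchecked overrun %zu byte(s), checked copy returns %d\n",
           overflow_bytes(sizeof(frame), 0, req.payload_length),
           build_frame(frame, sizeof(frame), 0, &req));
    req.payload_length = 5;
    printf("len 5 after 1 header byte: checked copy returns %d\n",
           build_frame(frame, sizeof(frame), 1, &req));
    return 0;
}
```

The check compares the length field against the space left in the destination rather than against the protocol maximum, which is the comparison the advisory says is absent.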

Affected products:

AGL agl-service-can-low-level
uds-c library

This article was created with the assistance of AI technology by Perceptive.
