CVE-2026-37536: Stack Buffer Overflow in miaofng/uds-c
The National Vulnerability Database has detailed CVE-2026-37536, a high-severity stack buffer overflow affecting the miaofng/uds-c project, specifically commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a from October 2016. The vulnerability resides in the send_diagnostic_request function, where a memcpy operation to a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE) lacks proper bounds checking.
Attackers can exploit this by sending a payload_length that, when combined with other offset values, exceeds the buffer’s capacity. With MAX_UDS_REQUEST_PAYLOAD_LENGTH set at 7, a crafted request can lead to 10 bytes being written to a 6-byte buffer, overflowing it by 4 bytes. This absence of a bounds check prior to memcpy is the root cause.
Rated with a CVSSv3.1 score of 8.8 (High), this vulnerability carries significant risk. The vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates it can be exploited by an unauthenticated attacker over an adjacent network, leading to high confidentiality, integrity, and availability impacts. While specific affected products are not detailed by the National Vulnerability Database, any system integrating this particular uds-c commit is at risk, especially in embedded or automotive contexts where UDS is common.
What This Means For You
- If your organization utilizes the `miaofng/uds-c` library, especially in embedded systems or automotive applications, you need to immediately audit your codebase for the vulnerable commit `e506334e270d77b20c0bc259ac6c7d8c9b702b7a`. This isn't theoretical; a stack buffer overflow with an 8.8 CVSS score means an adjacent network attacker can likely achieve arbitrary code execution or cause denial of service. Patch or update the library without delay.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-37536: UDS Diagnostic Request Stack Buffer Overflow
title: CVE-2026-37536: UDS Diagnostic Request Stack Buffer Overflow
id: scw-2026-05-01-ai-1
status: experimental
level: critical
description: |
Detects the execution of 'uds-c' with a command line indicating a diagnostic request, which is the vulnerable function in CVE-2026-37536. This rule specifically targets the function call that triggers the stack buffer overflow due to improper handling of payload length.
author: SCW Feed Engine (AI-generated)
date: 2026-05-01
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-37536/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: process_creation
detection:
selection:
Image|startswith:
- 'uds-c'
CommandLine|contains:
- 'send_diagnostic_request'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-37536 | Buffer Overflow | miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a |
| CVE-2026-37536 | Buffer Overflow | Vulnerable function: send_diagnostic_request |
| CVE-2026-37536 | Buffer Overflow | CWE-121: Stack-based Buffer Overflow |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 01, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7588 — Ggerve Coding-Standards-Mcp Path Traversal
CVE-2026-7588 — A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language...
CVE-2026-35233 — Denial of Service
CVE-2026-35233 — An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to...
CVE-2026-7587 — Open5GS Denial of Service
CVE-2026-7587 — A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component...