CVE-2026-42485

Automotive Grade Linux (AGL) · agl-service-can-low-level

The AGL agl-service-can-low-level service contains a stack buffer overflow vulnerability within its dependency, the uds-c library.

Executive summary

A stack buffer overflow within the AGL CAN service could allow unauthorized control over vehicle communication buses, posing a severe safety risk.

Vulnerability

The vulnerability originates in the underlying uds-c library used by the CAN service. An attacker could exploit this overflow to gain control of the service, potentially injecting malicious commands into the vehicle's CAN bus.

Business impact

With a CVSS score of 7.5, this vulnerability represents a high risk to the functional safety and security of automotive environments. Unauthorized access to the CAN bus can lead to the manipulation of vehicle components, impacting both the operation and safety of the vehicle.

Remediation

Immediate Action: Update the agl-service-can-low-level service and the associated uds-c dependency to the latest secure versions.

Proactive Monitoring: Monitor CAN bus traffic for unexpected or malformed diagnostic messages that could indicate an exploitation attempt.

Compensating Controls: Apply strict input validation at the CAN gateway to ensure only authorized diagnostic requests are processed.
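The gateway-side validation described above, as an added illustrative example in C (not code from uds-c or AGL): it forwards only ISO-TP single frames whose declared length fits the frame actually received and whose UDS service identifier is on an assumed allow-list, so a malformed length claim is rejected before it reaches the diagnostic service.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative CAN-gateway filter (added example, not code from uds-c or AGL).
 * It admits only ISO-TP single frames (ISO 15765-2) whose declared length
 * fits the frame actually received, and only a fixed set of UDS (ISO 14229)
 * services, so a malformed length field never reaches the diagnostic parser. */

#define CAN_MAX_DLC        8u
#define UDS_MAX_SF_PAYLOAD 7u   /* 8-byte classic CAN frame minus the PCI byte */

enum verdict { FWD_OK = 0, REJ_DLC, REJ_NOT_SINGLE_FRAME, REJ_BAD_LENGTH, REJ_SERVICE };

struct can_frame_t { uint32_t id; uint8_t dlc; uint8_t data[CAN_MAX_DLC]; };

/* Assumed gateway policy: DiagnosticSessionControl, ReadDataByIdentifier, TesterPresent. */
static const uint8_t allowed_sids[] = { 0x10, 0x22, 0x3E };

static bool sid_allowed(uint8_t sid) {
    for (size_t i = 0; i < sizeof allowed_sids; i++)
        if (allowed_sids[i] == sid) return true;
    return false;
}

/* Validates one frame; on success copies the UDS request (SID + parameters)
 * into out and stores its length in *out_len. The sender's length nibble is
 * checked against the DLC and the destination capacity before any copy. */
enum verdict gateway_check(const struct can_frame_t *f, uint8_t *out,
                           size_t out_cap, size_t *out_len) {
    if (f->dlc == 0 || f->dlc > CAN_MAX_DLC) return REJ_DLC;
    uint8_t pci = f->data[0];
    if ((pci >> 4) != 0x0) return REJ_NOT_SINGLE_FRAME;  /* FF/CF/FC not handled here */
    size_t len = pci & 0x0Fu;                            /* bytes following the PCI */
    if (len == 0 || len > UDS_MAX_SF_PAYLOAD || len + 1 > f->dlc || len > out_cap)
        return REJ_BAD_LENGTH;
    if (!sid_allowed(f->data[1])) return REJ_SERVICE;
    memcpy(out, &f->data[1], len);
    *out_len = len;
    return FWD_OK;
}

/* Convenience wrapper: validate raw frame bytes and return only the verdict. */
enum verdict check_raw(const uint8_t *data, uint8_t dlc) {
    struct can_frame_t f = { .id = 0x7E0u, .dlc = dlc };   /* constructed sample ID */
    uint8_t buf[UDS_MAX_SF_PAYLOAD];
    size_t n = 0;
    memcpy(f.data, data, dlc > CAN_MAX_DLC ? CAN_MAX_DLC : dlc);
    return gateway_check(&f, buf, sizeof buf, &n);
}
```

Multi-frame (first/consecutive/flow-control) transfers are rejected here rather than reassembled; a production gateway would apply the same DLC and capacity checks per segment.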

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability demands immediate attention from automotive software teams. The potential impact on vehicle systems necessitates a rigorous patching cycle and thorough validation of the service's communication interfaces.