Integer Underflow and Out-of-Bounds Read in Driftregion ISO14229 Product
CVE-2026-54413

7.8 HIGH

Key Information:

Vendor: Driftregion
Product: iso14229
CVE Published: 14 June 2026

What is CVE-2026-54413?

The Driftregion ISO14229 library, an implementation of the UDS diagnostic protocol (ISO 14229), contains an integer underflow and a downstream out-of-bounds read in its Handle_0x27_SecurityAccess function. The handler mishandles the length of the received message: it derives the amount of data to process from that length without first confirming that the message is long enough to contain the fields a SecurityAccess request must carry. A request that is only one byte long (the service identifier with no sub-function byte) therefore makes the derived length underflow, and the handler reads more bytes from the receive buffer than were actually received. An unauthenticated remote attacker who can reach the UDS server can send such a crafted one-byte SecurityAccess request to crash the server (denial of service) and potentially to read memory beyond the intended buffer. Because the library is used as the UDS server in automotive ECUs, industrial control systems and IoT devices, deployments in those environments are exposed.
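As an added illustration (constructed for this page; it is not code from the iso14229 project and does not reproduce the project's internals), the following C shows the bug class described above. A hypothetical SecurityAccess handler derives a key length from the message length before checking that the message is long enough, and a hardened handler beside it rejects short requests with the UDS negative response code 0x13 (incorrectMessageLengthOrInvalidFormat) before doing any arithmetic on the length. The request layout (SID 0x27, sub-function byte, optional key data) is the standard ISO 14229 one; the function names, the key buffer size and the exact arithmetic are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UDS_SID_SECURITY_ACCESS    0x27
#define SA_SUBFUNC_REQUEST_SEED    0x01
#define SA_SUBFUNC_SEND_KEY        0x02
#define NRC_OK                     0x00 /* send a positive response */
#define NRC_SERVICE_NOT_SUPPORTED  0x11
#define NRC_SUBFUNC_NOT_SUPPORTED  0x12
#define NRC_INCORRECT_MSG_LEN      0x13 /* incorrectMessageLengthOrInvalidFormat */
#define MAX_KEY_LEN                8    /* assumed size of the key buffer */

/* Vulnerable pattern (hypothetical, illustrates the bug class): the key
 * length is derived from the message length before anyone checks that the
 * sub-function byte was actually received. For a one-byte request the
 * unsigned subtraction wraps to SIZE_MAX; a handler that then copies or
 * compares that many bytes from the receive buffer reads far past its end.
 * This version returns only the computed length so it is safe to run. */
size_t vulnerable_key_len(const uint8_t *req, size_t len) {
    (void)req;
    return len - 2; /* wraps when len < 2 */
}

/* Hardened handler: check the length first, then the sub-function, then
 * bound the key copy by the caller's buffer. Returns NRC_OK or the UDS
 * negative response code the server should send back. */
uint8_t handle_security_access(const uint8_t *req, size_t len,
                               uint8_t *key_out, size_t key_cap,
                               size_t *key_len) {
    *key_len = 0;
    if (len < 2) {
        return NRC_INCORRECT_MSG_LEN; /* SID alone: no sub-function byte */
    }
    if (req[0] != UDS_SID_SECURITY_ACCESS) {
        return NRC_SERVICE_NOT_SUPPORTED;
    }
    uint8_t sub = req[1] & 0x7F; /* drop suppressPosRspMsgIndicationBit */
    size_t data_len = len - 2;   /* cannot wrap: len >= 2 checked above */

    switch (sub) {
    case SA_SUBFUNC_REQUEST_SEED:
        /* An optional securityAccessDataRecord may follow; nothing to copy. */
        return NRC_OK;
    case SA_SUBFUNC_SEND_KEY:
        if (data_len == 0 || data_len > key_cap) {
            return NRC_INCORRECT_MSG_LEN; /* missing or oversized key */
        }
        memcpy(key_out, req + 2, data_len);
        *key_len = data_len;
        return NRC_OK;
    default:
        return NRC_SUBFUNC_NOT_SUPPORTED;
    }
}

int main(void) {
    /* Constructed requests: the one-byte SID-only message (the shape the
     * advisory describes) and a well-formed sendKey carrying a 4-byte key. */
    const uint8_t sid_only[] = { UDS_SID_SECURITY_ACCESS };
    const uint8_t send_key[] = { UDS_SID_SECURITY_ACCESS, SA_SUBFUNC_SEND_KEY,
                                 0xDE, 0xAD, 0xBE, 0xEF };
    uint8_t key[MAX_KEY_LEN];
    size_t key_len;
    uint8_t nrc;

    printf("vulnerable: derived key length for 1-byte request = %zu\n",
           vulnerable_key_len(sid_only, sizeof sid_only));

    nrc = handle_security_access(sid_only, sizeof sid_only, key, sizeof key, &key_len);
    printf("hardened: 1-byte request -> NRC 0x%02X\n", nrc);

    nrc = handle_security_access(send_key, sizeof send_key, key, sizeof key, &key_len);
    printf("hardened: sendKey -> NRC 0x%02X, key_len = %zu\n", nrc, key_len);
    return 0;
}
```

The order of the checks is the point: the length check comes before the subtraction, so `len - 2` is only ever evaluated when it cannot wrap, and the copy is additionally bounded by the destination buffer so an oversized key cannot turn the read bug into a write.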

Affected Version(s)

iso14229: all versions up to and including 0.9.0

CVSS V4

Score: 7.8
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Confidentiality: Low
Integrity: None
Availability: High

Timeline

  • Vulnerability reserved
  • Vulnerability published: 14 June 2026

Credit

Burxonov Muslimbek