CVE Catalog

CVE-2026-56770

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

libais through 0.15 has a vulnerability where VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences.

Risk Assessment

This vulnerability can lead to crashes of marine systems and potential memory corruption, posing a serious threat to maritime operational safety.

Recommendation

It is recommended to update libais to a version above 0.15 to mitigate this vulnerability and implement additional input validation mechanisms.

Original NVD description (English source)

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS