CVE-2026-56770

Description

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.

References

• https://github.com/schwehr/libais/issues/263
• https://www.vulncheck.com/advisories/libais-out-of-bounds-vector-access-in-vdmstream-addline-via-invalid-sequential-message-id