Glibc CVE-2026-5450 (CVSS 9.8)
A vulnerability has been discovered in the GNU C Library (glibc), affecting systems that link against versions 2.7 through 2.43. It is triggered when an application invokes a scanf-family function with a specific conversion specifier and width, causing memory corruption. That corruption can lead to program crashes, loss of data integrity, or remote code execution if exploited by an attacker.
- The vulnerability is identified as CVE-2026-5450 with a CVSS score of 9.8, indicating high severity.
- Affected systems include most Linux distributions and applications compiled against the affected glibc releases.
- The EPSS score is below 1%, indicating a low likelihood of widespread exploitation at present.
Opening excerpt (first ~120 words):
Impact

The vulnerability occurs when an application invokes a scanf family function with the %mc conversion specifier and specifies an explicit width greater than 1024. This causes an off-by-one write on a heap buffer and can corrupt adjacent memory. The resulting memory corruption falls under CWE-122, CWE-131, and CWE-787, and may lead to program crash, data integrity loss, or, if an attacker can influence subsequent execution, remote code execution.

Affected Systems

All systems that link against the GNU C Library between versions 2.7 and 2.43 are affected. This includes most Linux distributions, as well as applications compiled against these glibc releases.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Opencve.
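As an added example (not code from the advisory or from the glibc project), the following Python audit flags scanf-family calls whose format string uses the %mc conversion with an explicit width above 1024, the trigger condition described in the Impact section; the C snippet it scans is constructed for illustration, and the 1024 threshold and function-name list are taken from the advisory text and the standard scanf family respectively.

```python
import re
import sys

# One scanf conversion specification: "%%" first, otherwise optional
# assignment suppression '*', optional decimal width, optional 'm'
# allocation modifier, optional length modifier, then the conversion char.
_CONV = re.compile(r"%(?:%|(\*?)(\d*)(m?)([hlLqjzt]*)([a-zA-Z\[]))")
# Calls to scanf, fscanf, sscanf, vscanf, vfscanf, vsscanf.
_CALL = re.compile(r"\b(v?(?:f|s)?scanf)\s*\(")
# A C string literal, allowing escaped characters inside it.
_STR = re.compile(r'"((?:[^"\\]|\\.)*)"')

def find_risky_mc(fmt, max_width=1024):
    """Return (width, spec) for every %mc conversion in fmt whose explicit
    width exceeds max_width, i.e. the condition the advisory names."""
    hits = []
    for m in _CONV.finditer(fmt):
        if m.group(0) == "%%":          # literal percent sign, not a conversion
            continue
        _suppress, width, alloc, _length, conv = m.groups()
        if alloc == "m" and conv == "c" and width and int(width) > max_width:
            hits.append((int(width), m.group(0)))
    return hits

def audit_source(text, max_width=1024):
    """Scan C source text line by line; return (lineno, spec, width) for
    each string literal on a scanf-family call line that find_risky_mc flags."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not _CALL.search(line):
            continue
        for literal in _STR.findall(line):
            for width, spec in find_risky_mc(literal, max_width):
                findings.append((lineno, spec, width))
    return findings

# Constructed sample: only line 2 exceeds the 1024 width with %mc.
SAMPLE_C = '''\
char *s = NULL;
if (sscanf(line, "%2048mc", &s) == 1) use(s);   /* width 2048 > 1024 */
sscanf(line, "%1024mc", &s);                     /* at the limit, not above */
sscanf(line, "%64ms %*mc", &s);                  /* %ms and unwidthed %mc */
printf("progress %d%% %2000mc", n);              /* not a scanf call */
'''

if __name__ == "__main__":
    paths = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in paths]
    for name, text in sources or [("<sample>", SAMPLE_C)]:
        for lineno, spec, width in audit_source(text):
            print(f"{name}:{lineno}: {spec} (width {width} > 1024)")
```

Run with C file paths as arguments to audit a code base, or with no arguments to scan the embedded sample.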