Buffer Overflow Vulnerability in GLib Affects Multiple Versions
CVE-2026-0988
3.7 LOW
What is CVE-2026-0988?
A flaw in GLib affects the g_buffered_input_stream_peek() function, which does not adequately validate its offset and count parameters. Crafted values can trigger an integer overflow, which leads to an incorrect size calculation for memcpy(). The resulting buffer overflow can crash the application, creating a Denial of Service (DoS) scenario.
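The class of bug described above, shown as an added example: this is a simplified model written for this page, not GLib's source code, and the function names and sample values are hypothetical. It compares a bounds calculation that adds offset and count before clamping with one that only subtracts from the known buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Naive length calculation: offset + count can wrap past SIZE_MAX. */
static size_t naive_copy_len(size_t available, size_t offset, size_t count)
{
    if (offset > available)
        return 0;
    size_t end = MIN(offset + count, available); /* wraps for a huge count */
    return end - offset;                         /* underflows when end < offset */
}

/* Overflow-safe: never add the untrusted values; subtract from the bound. */
static size_t safe_copy_len(size_t available, size_t offset, size_t count)
{
    if (offset > available)
        return 0;
    return MIN(count, available - offset);
}

/* Hypothetical peek helper that copies using the safe length only. */
static size_t safe_peek(const unsigned char *src, size_t available,
                        unsigned char *dst, size_t offset, size_t count)
{
    size_t n = safe_copy_len(available, offset, count);
    if (n > 0)
        memcpy(dst, src + offset, n);
    return n;
}

int main(void)
{
    /* Constructed sample: 16 buffered bytes, request starting at offset 8. */
    const unsigned char src[] = "0123456789abcdef";
    unsigned char dst[16] = {0};
    size_t huge = SIZE_MAX - 3; /* constructed count that makes offset + count wrap */

    printf("naive length: %zu\n", naive_copy_len(16, 8, huge));
    printf("safe length:  %zu\n", safe_copy_len(16, 8, huge));
    printf("bytes copied: %zu\n", safe_peek(src, 16, dst, 8, huge));
    return 0;
}
```

The naive function is never passed to memcpy() here; it only reports the length it would have used, which for the constructed input is close to SIZE_MAX.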
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Codean Labs for reporting this issue.