Out-of-Bounds Write in GNU C Library Affects Multiple Versions
CVE-2026-5435

7.3HIGH

Key Information:

Vendor: The Gnu C Library
Status: Glibc
Vendor: CVE Published:; 28 April 2026

🔔 Create The Gnu C Library Vulnerability Alert

What is CVE-2026-5435?

A significant vulnerability exists in the GNU C Library (glibc) due to the failure of deprecated functions such as ns_printrrf, ns_printrr, and fp_nquery to properly enforce caller-supplied buffer lengths when printing TSIG records. This oversight can lead to out-of-bounds writes, potentially allowing attackers to corrupt memory, leading to undefined behavior, crashes, or further exploitation of the system. It is crucial for users of affected glibc versions to address this vulnerability promptly to maintain system integrity and security.

Affected Version(s)

glibc 2.2

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34033

issue-tracking

https://inbox.sourceware.org/libc-announce/7a655d55-276f-...

mailing-list

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

shinobu

CVE-2026-5435 Data

JSON