CVE-2026-5358 in C Libraryinfo

Zusammenfassung

von MITRE • 21.04.2026

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.

NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Glibc

Reservieren

01.04.2026

Veröffentlichung

21.04.2026

Moderieren

akzeptiert

Eintrag

VDB-358372

CPE

bereit

CWE

CWE-120 (bestätigt)

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Sektor

Hospital, Government, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5358
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5358
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5358/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!