CVE-2026-5358 in C Libraryinformación

Resumen

por MITRE • 2026-04-21

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.

NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Glibc

Reservar

2026-04-01

Divulgación

2026-04-21

Moderación

aceptado

Artículo

VDB-358372

CPE

listo

CWE

CWE-120 (confirmado)

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

Actividades

muy bajo

Sector

Pharma, Energy, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5358
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5358
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5358/

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!