CVE-2026-5358 in C Libraryinformação

Sumário

de MITRE • 21/04/2026

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.

NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Glibc

Reservar

01/04/2026

Divulgação

21/04/2026

Moderação

aceite

Entrada

VDB-358372

CPE

pronto

CWE

CWE-120 (confirmado)

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

não

Atividades

muito baixo

Sector

Insurance, Government, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5358
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5358
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5358/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!