CVE-2026-5358 in C LibraryИнформация

Сводка

по MITRE • 21.04.2026

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.

NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

Glibc

Резервировать

01.04.2026

Раскрытие

21.04.2026

Модерация

принято

Вход

VDB-358372

CPE

готов

CWE

CWE-120 (Подтверждённый)

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Сектор

Government, Energy, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5358
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5358
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5358/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!