GNU glibc up to 2.42 integer overflow

Summaryinfo

A vulnerability classified as problematic was found in GNU glibc up to 2.42. Impacted is the function memalign/posix_memalign/aligned_alloc/valloc/pvalloc. Executing a manipulation can lead to integer overflow. This vulnerability is handled as CVE-2026-0861. It is possible to launch the attack on the local host. There is not any exploit available.

Detailsinfo

A vulnerability classified as problematic was found in GNU glibc up to 2.42. This vulnerability affects the function memalign/posix_memalign/aligned_alloc/valloc/pvalloc. The manipulation with an unknown input leads to a integer overflow vulnerability. The CWE definition for the vulnerability is CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

The weakness was released by Igor Morgenstern. The advisory is shared for download at sourceware.org. This vulnerability was named CVE-2026-0861 since 01/12/2026. The exploitation appears to be easy. The attack needs to be approached locally. There are known technical details, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 296551 (Fedora 43 : glibc (2026-205d532069)), which helps to determine the existence of the flaw in a target environment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at Tenable (296551), EUVD (EUVD-2026-2441) and CERT Bund (WID-SEC-2026-0118). Once again VulDB remains the best source for vulnerability data.

Affected

• Open Source GNU libc
• Red Hat Enterprise Linux
• Fedora Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• SUSE openSUSE
• RESF Rocky Linux
• Dell Secure Connect Gateway

Productinfo

Type

• Software Library

Vendor

• GNU

Name

• glibc

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.7
• 2.8
• 2.9
• 2.10
• 2.11
• 2.12
• 2.13
• 2.14
• 2.15
• 2.16
• 2.17
• 2.18
• 2.19
• 2.20
• 2.21
• 2.22
• 2.23
• 2.24
• 2.25
• 2.26
• 2.27
• 2.28
• 2.29
• 2.30
• 2.31
• 2.32
• 2.33
• 2.34
• 2.35
• 2.36
• 2.37
• 2.38
• 2.39
• 2.40
• 2.41
• 2.42

License

• open-source

Website

• Vendor: https://www.gnu.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion