| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 4.34- |
Summary
A vulnerability, which was classified as critical, was found in rui314 8cc. The impacted element is an unknown function of the component Memory Access Handler. The manipulation results in out-of-bounds. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-50643. The attack requires a local approach. No exploit exists. Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in rui314 8cc (affected version not known). It has been classified as critical. Affected is some unknown functionality of the component Memory Access Handler. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line numbers, an attacker can trigger out-of-bounds memory access and a crash. Maintainer of this project was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Version corresponding to the commit b480958 was tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
The weakness was disclosed by Michal Majchrowicz. The advisory is shared for download at cert.pl. This vulnerability is traded as CVE-2026-50643 since 06/05/2026. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
Applying the patch b480958 is able to eliminate this problem.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Support
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔒
Patch: b480958
Timeline
06/05/2026 CVE reserved06/18/2026 Advisory disclosed
06/18/2026 VulDB entry created
06/18/2026 VulDB entry last update
Sources
Advisory: cert.plResearcher: Michal Majchrowicz
Status: Confirmed
CVE: CVE-2026-50643 (🔒)
GCVE (CVE): GCVE-0-2026-50643
GCVE (VulDB): GCVE-100-372192
Entry
Created: 06/18/2026 15:05Changes: 06/18/2026 15:05 (68)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.