CVE-2026-5435

HIGH EPSS 9.6%

Published Apr 28, 20262mo ago · Modified Jun 17, 20261w ago

7.3 CVSS 3.1

High

Published Apr 28, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

CVSS Details

Base Score

7.3

Exploitability

3.9

Impact

3.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

9.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor	Product	Version	Range
gnu	glibc	*	≥2.2

References 2

inbox.sourceware.org https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u

Third Party Advisory
sourceware.org https://sourceware.org/bugzilla/show_bug.cgi?id=34033

Issue Tracking

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.