CVE-2026-5358 - Vulnerability Analysis
Severity: Critical | CVSS: 9.1 | Last Updated: April 21, 2026
GNU C Library - Buffer Overflow
Published: April 20, 2026 | Updated: April 21, 2026 | Remotely Exploitable
Overview
GNU C Library versions up to and including 2.43 contain a buffer overflow in the obsolete nis_local_principal function. An attacker who can spoof crafted UDP responses to the NIS client can overwrite static data; exploitation requires sending crafted UDP packets.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can overwrite static data in the application, potentially leading to data corruption or code execution.
Mitigation
Migrate away from NIS and update to a version later than 2.43, or to the latest available release.
Details
- CVE ID: CVE-2026-5358
- Severity: Critical
- CVSS Score: 9.1
- Type: buffer_overflow
- Status: unconfirmed
CWE
- CWE-120
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H