Description
The deploy-stub executable in Panda3D versions up to and including 1.10.16 contains a denial-of-service vulnerability caused by unbounded stack allocation. It allocates argv_copy and argv_copy2 with alloca(), sized directly from the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
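A bounded, heap-based alternative to the alloca() pattern described above, given as an added example that is not Panda3D's code or its fix. MAX_ARGS, copy_argv_checked and free_argv_copy are hypothetical names, and the 4096 cap is an assumed value.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the advisory does not state a limit. */
#define MAX_ARGS 4096

/* Pattern described in the advisory, shown only as a comment:
 *     char **argv_copy = alloca(sizeof(char *) * argc);
 * argc sizes the stack allocation and every slot starts uninitialized. */

/* Free a copy made by copy_argv_checked(). Works on partially filled
 * copies because calloc() leaves unused slots NULL. */
void free_argv_copy(char **copy)
{
    for (size_t i = 0; copy != NULL && copy[i] != NULL; i++)
        free(copy[i]);
    free(copy);
}

/* Hypothetical hardened replacement: reject out-of-range argc, then
 * allocate on the heap, zero-initialized, with a NULL terminator.
 * Returns NULL if argc is rejected or memory runs out. */
char **copy_argv_checked(int argc, char **argv)
{
    if (argv == NULL || argc < 0 || argc > MAX_ARGS)
        return NULL;
    char **copy = calloc((size_t)argc + 1, sizeof(char *));
    if (copy == NULL)
        return NULL;
    for (int i = 0; i < argc; i++) {
        size_t len = argv[i] ? strlen(argv[i]) + 1 : 0;
        if (len == 0 || (copy[i] = malloc(len)) == NULL) {
            free_argv_copy(copy);
            return NULL;
        }
        memcpy(copy[i], argv[i], len);
    }
    return copy;
}

int main(int argc, char **argv)
{
    char **copy = copy_argv_checked(argc, argv);
    if (copy == NULL)
        return 1; /* refuse to start on a bad argument vector */
    free_argv_copy(copy);
    return 0;
}
```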
Problem types
CWE-457 Use of Uninitialized Variable
CWE-789 Memory Allocation with Excessive Size Value
Product status
Any version
Credits
Ron Edgerson
References
seclists.org/fulldisclosure/2026/Jan/9
www.panda3d.org/
github.com/panda3d/panda3d
www.vulncheck.com/...b-stack-exhaustion-via-unbounded-alloca