Home

Description

Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-09 | Updated 2026-02-09 | Assigner CERTVDE




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

2.64
affected

Default status
unaffected

2.64
affected

Credits

Diconium finder

References

certvde.com/de/advisories/VDE-2026-004

cve.org (CVE-2026-22904)

nvd.nist.gov (CVE-2026-22904)

Download JSON