CVE-2026-5435 | THREATINT

Description

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

PUBLISHED Reserved 2026-04-02 | Published 2026-04-28 | Updated 2026-04-28 | Assigner glibc

Problem types

CWE-787 Out-of-bounds write

Product status

Default status

unaffected

2.2 (custom)

affected

Credits

shinobu finder

References

sourceware.org/bugzilla/show_bug.cgi?id=34033 issue-tracking

inbox.sourceware.org/...41fe-b550-feb3ebb2ce91@redhat.com/T/ mailing-list

cve.org (CVE-2026-5435)

nvd.nist.gov (CVE-2026-5435)

Download JSON