CVE-2026-8484 | THREATINT

Description

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.

PUBLISHED Reserved 2026-05-13 | Published 2026-06-16 | Updated 2026-06-16 | Assigner CERT-PL

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status

unknown

Any version

affected

Credits

Michał Majchrowicz (AFINE) finder

Marcin Wyczechowski (AFINE) finder

References

cert.pl/en/posts/2026/06/CVE-2026-8484 third-party-advisory

github.com/fusesource/jansi/tree/master product

cve.org (CVE-2026-8484)

nvd.nist.gov (CVE-2026-8484)

Download JSON