CVE-2026-5450

CRITICAL

THE GNU C Library Glibc < 2.7 - Buffer Overflow

Title source: rule

Description

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

References (2)

[Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450

[Mailing List] https://inbox.sourceware.org/libc-announce/[email protected]/T/#u

Scores

CVSS v3 9.8

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-122 CWE-787

Status published

Products (2)

gnu/glibc 2.7 - 2.43

The GNU C Library/glibc 2.7

Published Apr 20, 2026

Tracked Since Apr 21, 2026