VDB

DEBIAN-CVE-2026-5435

DEBIAN-CVE-2026-5435 PUBLISHED CVSS 7.300000190734863 HIGH

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Risk Scores

CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
Debian:14glibc2.42-4, 2.42-6, 2.42-7
Debianglibc
Debian:11glibc2.34-1, 2.34-3, 2.34-4
Debian:13glibc0, 2.41-12, 2.41-12+deb13u1
Debian:12glibc2.39-7+sh4, 2.39-8~0, 2.40-1

Timeline

  • Apr 28, 2026 CVE Published
  • Apr 29, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›