VDB
GCVE-110-NCSC-2026-224
GCVE-110-NCSC-2026-224
Advisory PublishedCVSS 7.8/10
Heap buffer overflow vulnerabilities in libfetch affecting FreeBSD versions prior to patches in 12.1, 12.0, and 11.3, as well as Juniper Networks Junos OS Evolved, arise from improper URL handling with username and/or password components, enabling potential code execution.
Weaknesses (CWE)
CWE-476NULL Pointer DereferenceCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-787Out-of-bounds WriteCWE-606Unchecked Input for Loop ConditionCWE-862Missing AuthorizationCWE-923Improper Restriction of Communication Channel to Intended EndpointsCWE-1284Improper Validation of Specified Quantity in InputCWE-694Use of Multiple Resources with Duplicate IdentifierCWE-466Return of Pointer Value Outside of Expected RangeCWE-1286Improper Validation of Syntactic Correctness of InputCWE-401Missing Release of Memory after Effective LifetimeCWE-820Missing SynchronizationCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-236Improper Handling of Undefined ParametersCWE-706Use of Incorrectly-Resolved Name or Reference
Risk Scores
CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Juniper Networks | vers:unknown/* | — | — |
Aliases
CVE-2020-7450CVE-2026-21901CVE-2026-33794CVE-2026-33799CVE-2026-33800CVE-2026-33801CVE-2026-33802CVE-2026-33803CVE-2026-57019CVE-2026-57020CVE-2026-57021CVE-2026-57022CVE-2026-57023CVE-2026-57024CVE-2026-57025CVE-2026-57026CVE-2026-57027CVE-2026-57028CVE-2026-57029CVE-2026-57030CVE-2026-57031CVE-2026-57032CVE-2026-57054
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.