CNNVD-202601-2368 Information

CNNVD ID

CNNVD-202601-2368

CVE-2026-0861

  • CNNVD Published: 2026-01-14

Description

GNU C Library is free, open-source C-language software released by the GNU community under the LGPL license. A security vulnerability exists in GNU C Library versions 2.30 through 2.42. It stems from the fact that passing an excessively large alignment value to the memalign family of functions may cause an integer overflow, which in turn leads to heap corruption.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

GNU

Published

2026-01-14

Last Modified

2026-02-24

References

  • https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001
  • http://www.openwall.com/lists/oss-security/2026/01/16/5
  • https://sourceware.org/bugzilla/show_bug.cgi?id=33796

Patch

https://sourceware.org/bugzilla/show_bug.cgi?id=33796
