CVE-2026-5358

Severity CVSS v4.0:

Pending analysis

Type:

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Publication date:

20/04/2026

Last modified:

20/04/2026

Description

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.<br /> <br /> NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Impact

References to Advisories, Solutions, and Tools

https://sourceware.org/bugzilla/show_bug.cgi?id=34067