CVE-2026-5358

Gravedad:

Pendiente de análisis

Tipo:

CWE-120 Copia de búfer sin comprobación del tamaño de entrada (Desbordamiento de búfer clásico)

Fecha de publicación:

20/04/2026

Última modificación:

20/04/2026

Descripción

*** Pendiente de traducción *** The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.<br /> <br /> NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

Impacto

Referencias a soluciones, herramientas e información

https://sourceware.org/bugzilla/show_bug.cgi?id=34067