{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0708", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2026-01-08T03:31:35.226Z", "datePublished": "2026-03-17T02:28:08.429Z", "dateUpdated": "2026-03-17T13:26:47.057Z"}, "containers": {"cna": {"title": "Libucl: libucl: denial of service via embedded null byte in ucl input", "descriptions": [{"lang": "en", "value": "A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."}], "affected": [{"vendor": "libucl", "product": "libucl", "versions": [{"status": "affected", "version": "3e7f023e184e06f30fb5792dacd9dd0f8b692f1b", "versionType": "git"}], "packageName": "libucl", "collectionURL": "https://github.com/vstakhov/libucl", "defaultStatus": "unknown"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0708", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427770", "name": "RHBZ#2427770", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/vstakhov/libucl/issues/323"}], "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "datePublic": "2025-05-15T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "workarounds": [{"lang": "en", "value": "To mitigate this issue, applications utilizing `libucl` should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in `UCL_PARSER_ZEROCOPY` mode. Restricting input to trusted sources can reduce exposure."}], "timeline": [{"lang": "en", "time": "2026-01-08T03:30:46.275Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-03-17T11:38:51.414Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"references": [{"url": "https://github.com/vstakhov/libucl/issues/323", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:26:43.148913Z", "id": "CVE-2026-0708", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:26:47.057Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0708", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-17T13:26:43.148913Z"}}}], "references": [{"url": "https://github.com/vstakhov/libucl/issues/323", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:26:35.337Z"}}], "cna": {"title": "Libucl: libucl: denial of service via embedded null byte in ucl input", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "libucl", "product": "libucl", "versions": [{"status": "affected", "version": "3e7f023e184e06f30fb5792dacd9dd0f8b692f1b", "versionType": "git"}], "packageName": "libucl", "collectionURL": "https://github.com/vstakhov/libucl", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2026-01-08T03:30:46.275Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Made public."}], "datePublic": "2025-05-15T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0708", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427770", "name": "RHBZ#2427770", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/vstakhov/libucl/issues/323"}], "workarounds": [{"lang": "en", "value": "To mitigate this issue, applications utilizing `libucl` should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in `UCL_PARSER_ZEROCOPY` mode. Restricting input to trusted sources can reduce exposure."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-03-17T11:38:51.414Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2026-0708", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:26:47.057Z", "dateReserved": "2026-01-08T03:31:35.226Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2026-03-17T02:28:08.429Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vstakhov:libucl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FF5B7E-8AFB-438D-A407-EC4664ED380A", "versionEndIncluding": "0.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en libucl. Un atacante remoto podr\u00eda explotar esto al proporcionar una entrada de Universal Configuration Language (UCL) especialmente dise\u00f1ada que contiene una clave con un byte nulo incrustado. Esto puede causar un fallo de segmentaci\u00f3n (fallo SEGV) en la funci\u00f3n 'ucl_object_emit' al analizar y emitir el objeto, lo que lleva a una denegaci\u00f3n de servicio (DoS) para el sistema afectado."}], "id": "CVE-2026-0708", "lastModified": "2026-05-11T17:14:50.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T04:16:07.750", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-0708"}, {"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427770"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Vendor Advisory", "Exploit"], "url": "https://github.com/vstakhov/libucl/issues/323"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Vendor Advisory", "Exploit"], "url": "https://github.com/vstakhov/libucl/issues/323"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "3e7f023e184e06f30fb5792dacd9dd0f8b692f1b"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "libucl", "vendor": "libucl"}], "analysis": {"en": {"generated_at": "2026-03-17T04:20:30.158083+00:00", "value": {"mitigation_remediation": ["Avoid processing untrusted input containing keys with embedded null bytes, especially in UCL_PARSER_ZEROCOPY mode.", "Disable UCL_PARSER_ZEROCOPY mode if possible.", "Validate or sanitize UCL input to remove embedded null bytes in keys before parsing.", "Monitor application logs for segmentation faults and plan for service restarts if crashes occur."], "summary": {"action": "Apply Workaround", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the libucl:libucl product. No specific version information is provided, so all versions of libucl that use the vulnerable parsing routine are potentially impacted.", "description_and_impact": "A flaw in libucl allows a remote attacker to supply a specially crafted Universal Configuration Language (UCL) input containing a key with an embedded null byte. When parsed, the ucl_object_emit function crashes with a segmentation fault, resulting in a denial of service. The weakness is identified as CWE-125, an out\u2011of-bounds read that can lead to memory corruption.", "risk_and_exploitability": "The CVSS score of 8.3 signifies a high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. A remote attacker can exploit this by sending the crafted UCL input, likely to any service that processes UCL data. The attack vector is remote, and the primary consequence is a service crash that leads to a denial of service. No additional prerequisites are mentioned, implying that the vulnerability could be triggered in normal operation when untrusted input is processed."}}}}, "created": "2026-03-17T09:51:58.952340+00:00", "updated": "2026-03-24T10:49:37.454724+00:00", "vendors": ["libucl", "libucl$PRODUCT$libucl"]}