{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24814", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:50:48.964Z", "dateUpdated": "2026-01-27T20:42:37.813Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/swoole/swoole-src", "defaultStatus": "affected", "modules": ["thirdparty/hiredis"], "product": "swoole-src", "programFiles": ["sds.c"], "vendor": "swoole", "versions": [{"lessThan": "6.0.2", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules).<p> This vulnerability is associated with program files <tt>sds.C</tt>.</p><p>This issue affects swoole-src: before 6.0.2.</p>"}], "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:50:48.964Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/swoole/swoole-src/pull/5698"}], "source": {"discovery": "UNKNOWN"}, "title": "A integer overflow in swoole/swoole-src", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T20:42:00.186484Z", "id": "CVE-2026-24814", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:42:37.813Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T20:42:00.186484Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:42:09.563Z"}}], "cna": {"title": "A integer overflow in swoole/swoole-src", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 10, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "swoole", "modules": ["thirdparty/hiredis"], "product": "swoole-src", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0.2", "versionType": "git"}], "programFiles": ["sds.c"], "collectionURL": "https://github.com/swoole/swoole-src", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/swoole/swoole-src/pull/5698", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2.", "supportingMedia": [{"type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules).<p> This vulnerability is associated with program files <tt>sds.C</tt>.</p><p>This issue affects swoole-src: before 6.0.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:50:48.964Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24814", "state": "PUBLISHED", "dateUpdated": "2026-01-27T20:42:37.813Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:50:48.964Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de entero o ajuste en swoole swoole-src (m\u00f3dulos thirdparty/hiredis). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa sds.C.\n\nEste problema afecta a swoole-src: anterior a la 6.0.2."}], "id": "CVE-2026-24814", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:51.830", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/swoole/swoole-src/pull/5698"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:54:15.680306+00:00", "value": {"mitigation_remediation": ["Upgrade swoole-src to version 6.0.2 or later, which contains the patched code.", "If an immediate upgrade is not feasible, disable or remove the hiredis modules from the application configuration to eliminate the vulnerable code path.", "Apply the individual patch from the official pull request (https://github.com/swoole/swoole-src/pull/5698) by manually replacing the affected sds.C file with the corrected version and rebuild the binary."], "summary": {"action": "Immediate Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of swoole-src older than version 6.0.2. Users relying on the third\u2011party hiredis modules are particularly at risk. The affected components are within the swoole-src repository, identified as swoole:swoole-src.", "description_and_impact": "An integer overflow or wraparound flaw has been discovered in the swoole-src project, specifically within the third\u2011party hiredis modules and the sds.C source file. The vulnerability allows an attacker to supply crafted input that overflows an integer variable, potentially corrupting memory and causing undefined behavior. The high CVSS score of 10 reflects the critical risk of this flaw.", "risk_and_exploitability": "The CVSS base score indicates a critical level of risk, and although the EPSS score is less than 1%, the vulnerability is not yet catalogued in CISA\u2019s KEV list. The flaw resides in code that processes network or external input, but no explicit remote exploitation path is documented. An attacker could potentially trigger the overflow by sending crafted input to the hiredis component."}}}}, "created": "2026-01-27T20:17:04.641823+00:00", "updated": "2026-04-18T15:00:03.447292+00:00", "vendors": ["swoole", "swoole$PRODUCT$swoole"]}