{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2903", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-20T20:02:38.891Z", "datePublished": "2026-02-22T00:32:09.412Z", "dateUpdated": "2026-02-26T16:21:15.725Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-22T00:32:09.412Z"}, "title": "skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "skvadrik", "product": "re2c", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "4.2", "status": "affected"}, {"version": "4.3", "status": "affected"}, {"version": "4.4", "status": "affected"}], "cpes": ["cpe:2.3:a:re2c:re2c:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T21:07:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347210", "name": "VDB-347210 | skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347210", "name": "VDB-347210 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.755030", "name": "Submit #755030 | skvadrik re2c 04f1424 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/skvadrik/re2c/issues/571", "tags": ["issue-tracking"]}, {"url": "https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0202/blob/main/re/repro", "tags": ["exploit"]}, {"url": "https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97", "tags": ["patch"]}, {"url": "https://github.com/skvadrik/re2c/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T16:21:03.435710Z", "id": "CVE-2026-2903", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:21:15.725Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en skvadrik re2c hasta la versi\u00f3n 4.4. La funci\u00f3n afectada es check_and_merge_special_rules del archivo src/parse/ast.cc. Esta manipulaci\u00f3n provoca una desreferencia de puntero nulo. El ataque solo puede ejecutarse localmente. El exploit ha sido publicado y puede ser utilizado. Nombre del parche: febeb977936f9519a25d9fbd10ff8256358cdb97. Se sugiere instalar un parche para solucionar este problema."}], "id": "CVE-2026-2903", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-22T01:16:00.563", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/oneafter/0202/blob/main/re/repro"}, {"source": "cna@vuldb.com", "url": "https://github.com/skvadrik/re2c/"}, {"source": "cna@vuldb.com", "url": "https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97"}, {"source": "cna@vuldb.com", "url": "https://github.com/skvadrik/re2c/issues/571"}, {"source": "cna@vuldb.com", "url": "https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.347210"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.347210"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.755030"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "re2c: re2c: Denial of Service via null pointer dereference", "id": "2441707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441707"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.", "A flaw was found in re2c. A local user can exploit this vulnerability by manipulating the `check_and_merge_special_rules` function. This manipulation causes a null pointer dereference, which can lead to a denial of service (DoS)."], "name": "CVE-2026-2903", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "re2c", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2026-02-22T00:32:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2903\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2903\nhttps://github.com/oneafter/0202/blob/main/re/repro\nhttps://github.com/skvadrik/re2c/\nhttps://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97\nhttps://github.com/skvadrik/re2c/issues/571\nhttps://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101\nhttps://vuldb.com/?ctiid.347210\nhttps://vuldb.com/?id.347210\nhttps://vuldb.com/?submit.755030"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "re2c", "vendor": "re2c"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "re2c", "source": "cna", "vendor": "skvadrik"}, "product": "re2c", "vendor": "skvadrik"}], "analysis": {"en": {"generated_at": "2026-04-17T16:39:05.604418+00:00", "value": {"mitigation_remediation": ["Apply the official patch commit febeb977936f9519a25d9fbd10ff8256358cdb97 to the re2c source and rebuild the library.", "Upgrade to a re2c release that incorporates the above patch, such as any version newer than 4.4.", "If an upgrade is not feasible, rebuild re2c with the check_and_merge_special_rules routine disabled for untrusted input contexts, thereby preventing the possibility of a null pointer dereference."], "summary": {"action": "Apply Patch", "impact": "Local Denial of Service via null pointer dereference"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the re2c utility developed by skvadrik. All releases up to and including version 4.4 are susceptible. The fix is identified by commit febeb977936f9519a25d9fbd10ff8256358cdb97, and any downstream builds that incorporate this patch will no longer hit the null pointer dereference. System administrators should verify that the installed re2c package incorporates this commit or a later release.", "description_and_impact": "A null pointer dereference flaw exists in the check_and_merge_special_rules function within the re2c parser (files: src/parse/ast.cc) for all versions up to 4.4. This deficiency can cause the parser to crash when it encounters a malformed or unexpected rule structure, leading to a denial of service. No escalation of privileges or data disclosure is directly achievable from this code path, and the impact is confined to the local execution environment of the affected process.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score is listed as less than 1%, reflecting a low probability of exploitation in the wild. The vulnerability is not catalogued in CISA\u2019s Known Exploited Vulnerabilities list. Attackers can only exploit the flaw locally, which means that an attacker must be able to run code or control input streams on the host running re2c. Although the exploit has been published and can be used for local denial of Service, widespread automated exploitation is unlikely given the limited vector and low EPSS."}}}}, "created": "2026-02-23T14:29:48.809166+00:00", "updated": "2026-04-17T16:45:15.827743+00:00", "vendors": ["re2c", "re2c$PRODUCT$re2c", "skvadrik", "skvadrik$PRODUCT$re2c"]}