{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5435", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "state": "PUBLISHED", "assignerShortName": "glibc", "dateReserved": "2026-04-02T17:18:02.654Z", "datePublished": "2026-04-28T11:58:54.962Z", "dateUpdated": "2026-04-28T15:21:13.800Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-04-28T11:58:54.962Z"}, "title": "Potential buffer overflow in ns_sprintrrf TSIG handling path", "datePublic": "2026-04-02T02:11:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.2", "lessThanOrEqual": "*", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.<br>"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "tags": ["issue-tracking"]}, {"url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "tags": ["mailing-list"]}], "credits": [{"lang": "en", "value": "shinobu", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T15:15:07.411547Z", "id": "CVE-2026-5435", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:21:13.800Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-5435", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T15:15:07.411547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:21:08.263Z"}}], "cna": {"title": "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "shinobu"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "The GNU C Library", "product": "glibc", "versions": [{"status": "affected", "version": "2.2", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unaffected"}], "datePublic": "2026-04-02T02:11:00.000Z", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "tags": ["issue-tracking"]}, {"url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "tags": ["mailing-list"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "supportingMedia": [{"type": "text/html", "value": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "providerMetadata": {"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "shortName": "glibc", "dateUpdated": "2026-04-28T11:58:54.962Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5435", "state": "PUBLISHED", "dateUpdated": "2026-04-28T15:21:13.800Z", "dateReserved": "2026-04-02T17:18:02.654Z", "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "datePublished": "2026-04-28T11:58:54.962Z", "assignerShortName": "glibc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6240DD2-E366-424F-BFA2-266E17793764", "versionStartIncluding": "2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records."}], "id": "CVE-2026-5435", "lastModified": "2026-05-05T17:38:37.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-28T13:19:22.290", "references": [{"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "tags": ["Third Party Advisory"], "url": "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u"}, {"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "tags": ["Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34033"}], "sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2026:7316", "cpe": "cpe:/a:redhat:hummingbird:1", "package": "glibc-main-2.42-11.1.hum1", "product_name": "Red Hat Hardened Images", "release_date": "2026-04-09T00:00:00Z"}], "bugzilla": {"description": "glibc: glibc: Out-of-bounds write via TSIG record processing", "id": "2463465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463465"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code."], "name": "CVE-2026-5435", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-28T11:58:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5435\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5435\nhttps://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=34033"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.2,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "glibc", "source": "cna", "vendor": "The GNU C Library"}, "product": "glibc", "vendor": "the_gnu_c_library"}], "analysis": {"en": {"generated_at": "2026-04-29T02:16:42.965267+00:00", "value": {"mitigation_remediation": ["Upgrade the GNU C Library to the latest available version from the vendor or your distribution\u2019s package manager, which includes the required safety checks.", "Re\u2011start all services that link against glibc after the upgrade to ensure the new library is loaded into memory.", "If an immediate upgrade is not possible, consider temporarily disabling TSIG record processing or restricting DNS traffic from untrusted sources to reduce exposure."], "summary": {"action": "Immediate Patch", "impact": "Buffer overflow from TSIG printing functions"}, "threat_synthesis": {"affected_systems": "All systems that use the GNU C Library (glibc) version 2.2 or newer are affected, regardless of the distribution or operating system. The vulnerability is tied to the built\u2011in DNS module that processes TSIG records.", "description_and_impact": "The vulnerability exists in the deprecated ndns printing functions ns_printrrf, ns_printrr, and fp_nquery of the GNU C Library, starting with version 2.2. The functions do not check the size of the caller-supplied buffer, which can cause an out\u2011of\u2011bounds write when printing TSIG records. This memory corruption could lead to data corruption, unstable behaviour, or exploitation that allows arbitrary code execution, depending on the attacker\u2019s ability to control the input data.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high risk level. EPSS is not available, and the vulnerability is not listed in CISA KEV, implying no known active exploitation yet. The likely attack vector is via a crafted DNS query containing a malicious TSIG record, so network\u2011based administrators should monitor outgoing DNS traffic for suspicious characteristics. The magnitude of impact could be system\u2011wide if the corrupted memory affects critical library functions."}}}}, "created": "2026-04-28T16:00:12.316633+00:00", "updated": "2026-04-29T02:30:07.564072+00:00", "vendors": ["the_gnu_c_library", "the_gnu_c_library$PRODUCT$glibc"]}