Heap overflow in libnv
Summary
| CVE | CVE-2026-35547 |
|---|---|
| State | PUBLISHED |
| Assigner | freebsd |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-30 09:16:03 UTC |
| Updated | 2026-04-30 09:16:03 UTC |
| Description | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges. |
Risk And Classification
Problem Types: CWE-122 | CWE-130 | CWE-122 CWE-122: Heap-based Buffer Overflow | CWE-130 CWE-130: Improper Handling of Length Parameter Inconsistency
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | FreeBSD | FreeBSD | affected 15.0-RELEASE p7 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 14.4-RELEASE p3 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 14.3-RELEASE p12 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 13.5-RELEASE p13 release | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc | [email protected] | security.freebsd.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Mariusz Zaborski (en)
There are currently no legacy QID mappings associated with this CVE.