CVE-2026-35547

Summary

When processing the header of an incoming message, libnv failed to properly validate the message size.

The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD15.0-RELEASE < p7affected
FreeBSDFreeBSD14.4-RELEASE < p3affected
FreeBSDFreeBSD14.3-RELEASE < p12affected
FreeBSDFreeBSD13.5-RELEASE < p13affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow
  • CWE-130: CWE-130: Improper Handling of Length Parameter Inconsistency

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References