CVE-2026-0988

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

CVSS Details

CVSS Score

3.7

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

glib < 2.77.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import struct

# 构造恶意参数
def create_exploit_payload(offset, count):
    # 触发整数溢出的参数组合
    payload = struct.pack('<II', offset, count)
    return payload

# 发送漏洞触发请求
def trigger_vulnerability(target):
    payload = create_exploit_payload(0xFFFFFFFF, 1)
    # 发送到目标服务
    return payload

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0988
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0988
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0988/
[4] VulDB https://vuldb.com/cve/CVE-2026-0988
[5] https://access.redhat.com/errata/RHSA-2026:7461
[6] https://access.redhat.com/security/cve/CVE-2026-0988
[7] https://bugzilla.redhat.com/show_bug.cgi?id=2429886
[8] https://gitlab.gnome.org/GNOME/glib/-/issues/3851

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0988", "sourceIdentifier": "[email protected]", "published": "2026-01-21T12:15:55.560", "lastModified": "2026-04-24T21:16:17.357", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS)."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en glib. La falta de validación de los parámetros offset y count en la función g_buffered_input_stream_peek() puede conducir a un desbordamiento de entero durante el cálculo de la longitud. Cuando se proporcionan valores especialmente manipulados, este desbordamiento resulta en que se pase un tamaño incorrecto a memcpy(), lo que desencadena un desbordamiento de búfer. Esto puede causar caídas de la aplicación, lo que lleva a una denegación de servicio (DoS)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-190"}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:7461", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-0988", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429886", "source": "[email protected]"}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3851", "source": "[email protected]"}]}}