CVE-2026-0861: Integer Overflow or Wraparound in GNU C Library Glibc

Severity: 8.4 HIGH (NVD)
EPSS: 0.0% (top 98.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 14; Latest update Feb 3

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in heap corruption. Note that the attacker must have control over both the size and the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment.
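An application-side guard for the condition described above, as an added example that is not glibc's patch and not code from this page: it rejects any (alignment, size) pair whose sum could approach PTRDIFF_MAX before the request reaches aligned_alloc. The names memalign_args_check and guarded_aligned_alloc and the 1 MiB GUARD_MAX_ALIGN cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap (hypothetical): callers here never need more than 1 MiB. */
#define GUARD_MAX_ALIGN ((size_t)1 << 20)

/* Validate an (alignment, size) pair before it reaches the allocator.
 * Returns 0 when acceptable, otherwise an errno value. */
int memalign_args_check(size_t alignment, size_t size)
{
    /* Alignment must be a non-zero power of two. */
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return EINVAL;
    /* Refuse alignments beyond the policy cap. */
    if (alignment > GUARD_MAX_ALIGN)
        return EINVAL;
    /* Keep size + alignment below PTRDIFF_MAX; written as a subtraction so
     * the check itself cannot wrap. */
    if (size > (size_t)PTRDIFF_MAX - alignment)
        return ENOMEM;
    return 0;
}

/* Drop-in guard around aligned_alloc(); *out is NULL on any failure. */
int guarded_aligned_alloc(void **out, size_t alignment, size_t size)
{
    *out = NULL;
    int rc = memalign_args_check(alignment, size);
    if (rc != 0)
        return rc;
    *out = aligned_alloc(alignment, size);
    return *out ? 0 : ENOMEM;
}

int main(void)
{
    void *p;
    /* Constructed inputs: one ordinary request, one out-of-range pair. */
    printf("ordinary: %d\n", guarded_aligned_alloc(&p, 64, 4096));
    free(p);
    printf("rejected: %d\n", guarded_aligned_alloc(&p, (size_t)1 << 20, SIZE_MAX - 8));
    return 0;
}
```

The guard is deliberately conservative because the page does not show glibc's internal arithmetic; updating to a fixed glibc package remains the actual remedy.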

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: the_gnu_c_library/glibc, 2.30 to 2.42
Debian: gnu/glibc, < 2.41-12+deb13u2+1
NVD: gnu/glibc, 2.30 to 2.42

Patches

🔴 Vulnerability Details (3)

CVEList: Integer overflow in memalign leads to heap corruption (2026-01-14)
GHSA: GHSA-5pf6-63v3-88hw: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library vers (2026-01-14)
OSV: CVE-2026-0861: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2 (2026-01-14)

📋 Vendor Advisories (3)

Ubuntu: GNU C Library vulnerabilities (2026-02-03)
Red Hat: glibc: Integer overflow in memalign leads to heap corruption (2026-01-14)
Debian: CVE-2026-0861: glibc - Passing too large an alignment to the memalign suite of functions (memalign, pos... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-0861 Impact, Exploitability, and Mitigation Steps | Wiz