From: Siddhesh Poyarekar Date: Fri, 10 Apr 2026 16:52:11 +0000 (-0400) Subject: Document CVE-2026-5358 and CVE-2026-5928 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=da3863e62e8ff1abc6b92cfe6d899ca3e80c8c4b;p=thirdparty%2Fglibc.git Document CVE-2026-5358 and CVE-2026-5928 Signed-off-by: Siddhesh Poyarekar --- diff --git a/advisories/GLIBC-SA-2026-0008 b/advisories/GLIBC-SA-2026-0008 new file mode 100644 index 0000000000..1dbd9808e0 --- /dev/null +++ b/advisories/GLIBC-SA-2026-0008 @@ -0,0 +1,16 @@ +Static buffer overflow in deprecated nis_local_principal + +The obsolete nis_local_principal function in the GNU C Library version +2.43 and older may overflow a buffer in the data section, which could +allow an attacker to spoof a crafted response to a UDP request generated +by this function and overwrite neighboring static data in the requesting +application. + +NIS support is obsolete and has been deprecated in the GNU C Library +since version 2.26 and is only maintained for legacy usage. Applications +should port away from NIS to more modern identity and access management +services. + +CVE-Id: CVE-2026-5358 +Public-Date: 2026-04-10 +Reported-by: Rahul Hoysala diff --git a/advisories/GLIBC-SA-2026-0010 b/advisories/GLIBC-SA-2026-0010 new file mode 100644 index 0000000000..ae9953fb71 --- /dev/null +++ b/advisories/GLIBC-SA-2026-0010 
@@ -0,0 +1,24 @@ +Potential buffer under-read in ungetwc + +Calling the ungetwc function on a FILE stream with wide characters +encoded in a character set that has overlaps between its single byte and +multi-byte character encodings, in the GNU C Library version 2.43 or +earlier, may result in an attempt to read bytes before an allocated +buffer, potentially resulting in unintentional disclosure of neighboring +data in the heap, or a program crash. + +A bug in the wide character pushback implementation +(_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate +on the regular character buffer (fp->_IO_read_ptr) instead of the actual +wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program +crash may happen in cases where fp->_IO_read_ptr is not initialized and +hence points to NULL. The buffer under-read requires a special situation +where the input character encoding is such that there are overlaps +between single byte representations and multibyte representations in +that encoding, resulting in spurious matches. The spurious match case +is not possible in the standard Unicode character sets. + +CVE-Id: CVE-2026-5928 +Public-Date: 2026-03-17 +Reported-by: Rocket Ma +Vulnerable-Commit: d64b6ad07585b8a37e5fecc9a47fcee766d52ede (2.1.1-89)
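Review bot: The first paragraph of advisories/GLIBC-SA-2026-0008 states the causality backwards. "may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response" reads as if the overflow enables the spoofing, while the rest of the sentence says the spoofed response to the UDP request is what overwrites neighboring static data. Suggest something like "an attacker who can spoof a crafted response to a UDP request generated by this function may overflow a buffer in the data section and overwrite neighboring static data in the requesting application". This file also has no Vulnerable-Commit line, unlike GLIBC-SA-2026-0010; if the introducing commit is known, adding it would keep the two advisories consistent.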
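Review bot: The two paragraphs of advisories/GLIBC-SA-2026-0010 disagree on the precondition for the crash. The summary paragraph makes both outcomes ("unintentional disclosure of neighboring data in the heap, or a program crash") conditional on a character set with overlapping single-byte and multi-byte encodings, but the second paragraph says the crash happens when fp->_IO_read_ptr is not initialized and points to NULL, and that only the buffer under-read requires the overlapping encoding. Suggest rewording the summary so the encoding condition applies to the under-read alone, since the NULL case appears reachable with any encoding as written. Two smaller points: the advisory gives a Vulnerable-Commit but no Fix-Commit, so "version 2.43 or earlier" is the only indication of where the fix lands, and the file numbering in this commit goes from GLIBC-SA-2026-0008 to GLIBC-SA-2026-0010, which is worth a word in the commit message if 0009 is reserved for something else.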