CVE-2026-5358

描述

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application. NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

受影響套件(1)

• Debian/glibcfrom 0

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-5358