CVE-2026-35547— Heap overflow in libnv
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35547
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap overflow in libnv
Source: NVD (National Vulnerability Database)
Vulnerability Description
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreeBSD 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于处理传入消息标头时未能正确验证消息大小,可能导致恶意程序写入堆分配边界之外,进而触发崩溃或系统恐慌,并可能被利用提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35547
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35547
请登录查看更多情报信息。
Same Patch Batch · FreeBSD · 2026-04-30 · 6 CVEs total
| CVE-2026-42511 | Remote code execution via malicious DHCP options | |
| CVE-2026-7164 | pf can overflow the stack parsing crafted SCTP packets | |
| CVE-2026-7270 | Local privilege escalation via execve() | |
| CVE-2026-42512 | Remotely triggerable out-of-bounds heap write in dhclient | |
| CVE-2026-39457 | Stack overflow via select() file descriptor set overflow |
IV. Related Vulnerabilities
Same product: FreeBSD
- CVE-2026-39457
Stack overflow via select() file descriptor set overflow - CVE-2026-42512
Remotely triggerable out-of-bounds heap write in dhclient - CVE-2026-7164
pf can overflow the stack parsing crafted SCTP packets - CVE-2026-7270
Local privilege escalation via execve() - CVE-2026-42511
Remote code execution via malicious DHCP options
Same vendor: FreeBSD
- CVE-2026-39457
Stack overflow via select() file descriptor set overflow - CVE-2026-42512
Remotely triggerable out-of-bounds heap write in dhclient - CVE-2026-7164
pf can overflow the stack parsing crafted SCTP packets - CVE-2026-7270
Local privilege escalation via execve() - CVE-2026-42511
Remote code execution via malicious DHCP options
Same weakness: CWE-122
- CVE-2026-8261
Squirrel sqobject.cpp Load heap-based overflow - CVE-2026-8213
OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow - CVE-2026-8212
OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow - CVE-2026-42309
Pillow: Heap buffer overflow with nested list coordinates - CVE-2026-45130
Vim: Heap Buffer Overflow in spell file loading
V. Comments for CVE-2026-35547
No comments yet