CVE-2026-42199— Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42199
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Source: NVD (National Vulnerability Database)
Vulnerability Description
Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
Grid 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Grid是Armin Becher个人开发者的一个二维数据结构库。 Grid 0.17.0版本至1.0.1之前版本存在输入验证错误漏洞,该漏洞源于Grid::expand_rows()中的整数溢出可能破坏网格逻辑维度与后备存储之间的关系,导致安全API get()使用无效索引调用get_unchecked(),导致未定义行为。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-42199
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42199
请登录查看更多情报信息。
- Release v1.0.1 · becheran/grid · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-42199
IV. Related Vulnerabilities
Same weakness: CWE-190
- CVE-2026-7568
Signed integer overflow in metaphone() - CVE-2026-42311
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Ove - CVE-2026-42308
Pillow: Integer overflow when processing fonts - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-42217
OpenEXR: Shift exponent overflow in `readVariableLengthInteg
V. Comments for CVE-2026-42199
No comments yet