Bug 2461639 (CVE-2026-41907)
| Summary: | CVE-2026-41907 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aadhikar, aazores, abarbaro, abrianik, abuckta, adudiak, alcohan, alizardo, amctagga, anjoseph, anpicker, anthomas, aoconnor, asoldano, bbaranow, bbrownin, bdettelb, bmaxwell, bniver, bparees, brasmith, bsmejkal, bstansbe, caswilli, cdrage, chfoley, cmah, cmyers, cochase, dhanak, dkuc, dlofthou, dnakabaa, doconnor, dranck, drosa, dschmidt, dsimansk, dymurray, eaguilar, ebaron, ehelms, erezende, ewittman, fdeutsch, flucifre, ggainey, ggrzybek, gmalinko, gmeno, gotiwari, gparvin, groman, hasun, ibek, ibolton, istudens, ivassile, iweiss, jachapma, janstey, jbalunas, jchui, jfula, jgrulich, jhe, jhorak, jkoehler, jlanda, jmatthew, jmontleo, jolong, jowilson, jprabhak, jraez, jrokos, juwatts, jwong, kaycoth, kingland, kshier, ktsao, kverlaen, lchilton, lcouzens, lphiri, manissin, mbarnett, mbenjamin, mhackett, mhulan, mnovotny, mosmerov, mreynolds, mstipich, msvehla, mvyas, nboldt, nipatil, nmoumoul, nwallace, nyancey, oaljalju, omaciel, ometelka, orabin, oramraz, osousa, pahickey, pantinor, parichar, pberan, pcreech, pdelbell, pesilva, pgaikwad, pjindal, pmackay, progier, psrna, ptisnovs, rchan, rexwhite, rgodfrey, rhaigner, rhel-process-autobot, rjohnson, rkubis, rstancel, rstepani, rushinde, sausingh, sdawley, sdoran, sfeifer, simaishi, slucidi, smaestri, smallamp, smcdonal, smullick, snegrini, sostapov, spichugi, sseago, stcannon, sthirugn, stirabos, swoodman, syedriko, tasato, tbordaz, teagle, thason, thjenkin, tmalecek, tpopela, ttakamiy, vashirov, vdosoudi, vereddy, watson-tool-maintainers, wtam, xdharmai, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in uuid. The library's versions v3, v5, and v6 do not adequately check the size of external memory buffers provided by applications. This oversight allows the library to write data beyond the designated buffer limits without signaling an error. Such out-of-bounds writes can lead to data corruption, unintended information disclosure, or disruption of application availability. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description
OSIDB Bzimport
2026-04-24 19:03:06 UTC