Bug 2479777 - CVE-2026-8836 ocproxy: lwIP: Remote code execution via stack-based buffer overflow in SNMPv3 USM Handler [fedora-all]
Summary: CVE-2026-8836 ocproxy: lwIP: Remote code execution via stack-based buffer ove...
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: ocproxy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
Assignee: Raphael Groner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["82c62260-a724-4853-8731-0...
Depends On:
Blocks: CVE-2026-8836
TreeView+ depends on / blocked
 
Reported: 2026-05-19 10:32 UTC by Dhananjay Arunesh
Modified: 2026-05-19 16:28 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2026-05-19 10:32:05 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Raphael Groner 2026-05-19 16:28:33 UTC
Upstream has fixed.

https://github.com/lwip-tcpip/lwip/commit/0c957ec03054eb6c8205e9c9d1d05d90ada3898c

Todo unbundle lwip into separate package with patches applied, there are also another security issues.


Note You need to log in before you can comment on or make changes to this bug.