CVE-2026-53689

Published: Jun 10, 2026Modified: Jun 10, 2026Deferred

7.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

Exploitability: 1.6 / Impact: 5.5

Source: MITRE (Secondary)

Description

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.

Related CWEs

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (1)

https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f

Source: cve@mitre.org

Timeline

No history available yet.