Description
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Note that the attacker must control both the size and the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX to overflow size_t together with the large alignment argument. This limits the malicious alignment inputs for memalign to the range [1<<62 + 1, 1<<63], and to exactly 1<<63 for posix_memalign and aligned_alloc.

Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, so this may not be easily exploitable in practice. An application bug could potentially make the input alignment too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
Published: 2026-01-14
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Corruption
Action: Apply Patch
AI Analysis

Impact

An integer overflow occurs when the memalign family of functions (memalign, posix_memalign, aligned_alloc) in GNU C Library versions 2.30 through 2.42 receives an alignment argument that is too large. The overflow corrupts the heap, which can lead to arbitrary memory corruption. The weakness is a classic numeric value error (CWE‑190).

Affected Systems

The vulnerability affects the GNU C Library (glibc) for all platforms that rely on the vulnerable 2.30–2.42 releases. An application using these libc versions on any operating system that links to them is potentially exposed.

Risk and Exploitability

The CVSS score of 8.4 classifies this flaw as high severity. However, the EPSS score of less than 1% and the fact that the flaw is not listed in the CISA KEV catalog suggest that it is unlikely to be widely exploited in the near term. Exploitation requires the attacker to control both the size and alignment parameters of a memalign call, a scenario that is uncommon because alignment values are typically constrained by the application or system. An attacker would also need to trigger a prior vulnerability to supply a large alignment value. Consequently, while the impact should be treated seriously, the practical risk for most deployments remains moderate.

Generated by OpenCVE AI on April 18, 2026 at 06:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the system to glibc 2.43 or later, which contains the fix for this integer overflow
  • Audit application code to ensure that calls to memalign, posix_memalign, or aligned_alloc do not supply alignment values outside the typical range of a page size or structural alignment
  • If an upgrade is not immediately possible, add defensive checks to sanitize or clamp alignment inputs before they reach the glibc routines, and consider static analysis tools that flag suspicious alignment usage
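
A minimal form of the defensive check from the last recommendation, as an added example (not code from glibc or OpenCVE). The names `check_aligned_request`, `checked_aligned_alloc` and the 2 MiB cap `MAX_ALIGNMENT` are assumptions chosen for illustration, and a 64-bit `size_t` is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap: no caller here needs more than 2 MiB alignment. */
#define MAX_ALIGNMENT ((size_t)1 << 21)

/* Returns 0 if (alignment, size) is safe to hand to the allocator,
 * EINVAL for a rejected alignment, ENOMEM for a rejected size. */
int check_aligned_request(size_t alignment, size_t size)
{
    /* Alignment must be a nonzero power of two. */
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return EINVAL;
    /* Policy clamp: far below the 1<<62 .. 1<<63 range in the advisory. */
    if (alignment > MAX_ALIGNMENT)
        return EINVAL;
    /* size + alignment must not exceed PTRDIFF_MAX; written as a
     * subtraction so the check itself cannot wrap around. */
    if (size > (size_t)PTRDIFF_MAX - alignment)
        return ENOMEM;
    return 0;
}

/* Guard in front of aligned_alloc(): NULL with errno set on rejection. */
void *checked_aligned_alloc(size_t alignment, size_t size)
{
    int rc = check_aligned_request(alignment, size);
    if (rc != 0) {
        errno = rc;
        return NULL;
    }
    return aligned_alloc(alignment, size);
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one in the advisory's range. */
    void *ok = checked_aligned_alloc(4096, 8192);
    void *bad = checked_aligned_alloc((size_t)1 << 63, (size_t)PTRDIFF_MAX);
    printf("ordinary request: %s\n", ok ? "allocated" : "rejected");
    printf("advisory-range request: %s\n", bad ? "allocated" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```

Routing every aligned allocation through a wrapper of this kind also gives the audit in the second recommendation a single place to log or assert on unexpected alignment values.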


Advisories

No advisories yet.

History

Tue, 03 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Fri, 16 Jan 2026 18:30:00 +0000

Type Values Removed Values Added
References

Fri, 16 Jan 2026 15:00:00 +0000

Type Values Removed Values Added
Description
Values Removed: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.
Values Added: Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
References

Fri, 16 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu glibc
Vendors & Products Gnu
Gnu glibc

Wed, 14 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Description Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.
Title Integer overflow in memalign leads to heap corruption
Weaknesses CWE-190
References

MITRE

Status: PUBLISHED

Assigner: glibc

Published:

Updated: 2026-01-16T17:06:42.010Z

Reserved: 2026-01-12T14:35:11.285Z

Link: CVE-2026-0861

Vulnrichment

Updated: 2026-01-16T17:06:42.010Z

NVD

Status: Analyzed

Published: 2026-01-14T21:15:52.617

Modified: 2026-02-03T18:26:25.390

Link: CVE-2026-0861

Redhat

Severity: Important

Public Date: 2026-01-14T21:01:11Z

Links: CVE-2026-0861 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T06:15:15Z

Weaknesses