Description
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
Published: 2026-01-07
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The deploy-stub executable in Panda3D versions up to and including 1.10.16 allocates argv_copy and argv_copy2 with alloca() sized directly from the attacker-controlled argc value, with no validation of that count. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, giving a reliable crash and undefined behavior. The impact is to availability only: the published CVSS 4.0 vector records no confidentiality or integrity impact, so the practical outcome is that the packaged application fails to start or is killed on launch.

Affected Systems

The vulnerability is present in Panda3D across all supported platforms that ship the deploy‑stub component. It affects any deployment of Panda3D version 1.10.16 or earlier, regardless of operating system, since the affected binary is included in all builds of the distribution.

Risk and Exploitability

The assigned weaknesses are CWE-789 (Memory Allocation with Excessive Size Value), which covers the alloca() sized from an unchecked argc, and CWE-457 (Use of Uninitialized Variable) and CWE-908 (Use of Uninitialized Resource), which cover the stack contents that reach interpreter initialization. The CVSS 4.0 base score of 6.9 (Medium; AV:L/AC:L/AT:N/PR:N/UI:N, availability impact High, no confidentiality or integrity impact) and NVD's CVSS 3.1 score of 5.5 (which assumes low privileges, PR:L) both describe a local, low-complexity attack. The EPSS score below 1% indicates that exploitation likelihood is currently very low, and the CVE is not listed in the CISA KEV catalog, so no active exploitation has been documented; the SSVC record does mark Exploitation as "poc", meaning a proof of concept is known. The attack vector is local: whoever controls the command line of a deploy-stub-built executable can supply enough arguments to exhaust the stack without network access. Whether a given argument count actually overruns the stack depends on the platform's main-thread stack size (1 MiB by default on Windows, typically 8 MiB on Linux) and on the operating system's limit on the total size of argv. The consequence is a crash of the affected process, a denial of service that interrupts the packaged game or simulation.

Generated by OpenCVE AI on May 26, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Panda3D release later than 1.10.16 in which deploy-stub validates the argument count before allocating, once the vendor ships one; the Remediation section above currently records no vendor fix, so confirm the fixed version against the Panda3D release notes rather than assuming 1.10.17 contains it
  • If an upgrade is not immediately possible, launch deploy-stub only through a wrapper that rejects argument counts above a fixed cap (a few hundred is generous for a game launcher) and treat repeated crashes of the stub in process logs as a signal; raising the stack limit (for example ulimit -s) only moves the threshold and is not a fix
  • Restrict who can execute deploy-stub with arbitrary arguments, for example by enforcing command-line validation at the point of invocation or by running the stub in a sandboxed context so that a crash is contained to that process
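The allocation pattern named in the Description (two alloca() arrays sized from argc, nothing bounding them) and the validation recommended above, shown side by side as an added example. This is not Panda3D's deploy-stub source; the function names, the MAX_ARGS cap and the way the stub hands the copy onward are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <alloca.h>   /* alloca() is non-standard; glibc and macOS declare it here */

/* Assumed cap on arguments a launcher will accept. The value is a policy
 * choice; a game launcher rarely needs more than a few dozen. */
#define MAX_ARGS 256

/* Bytes of stack the two alloca() copies in the vulnerable shape demand for a
 * given argc: two arrays of argc pointers, with nothing else limiting them. */
size_t stack_demand_bytes(int argc) {
    if (argc < 0) return 0;
    return 2u * (size_t)argc * sizeof(char *);
}

/* Vulnerable shape, kept only for contrast: the frame grows linearly with
 * argc, no check precedes the allocation, and alloca() returns memory that
 * is never zero-filled or terminated. Never call this with attacker-
 * controlled argc. */
void copy_args_unbounded(int argc, char **argv) {
    char **argv_copy  = (char **)alloca((size_t)argc * sizeof(char *));
    char **argv_copy2 = (char **)alloca((size_t)argc * sizeof(char *));
    for (int i = 0; i < argc; i++) {
        argv_copy[i]  = argv[i];
        argv_copy2[i] = argv[i];
    }
    /* a launcher would pass argv_copy into interpreter initialization here */
    (void)argv_copy2;
}

/* Hardened shape: refuse an oversized argc before any allocation, copy on the
 * heap so the stack frame no longer depends on the caller, and zero-fill plus
 * NULL-terminate so every slot handed onward is defined. Returns NULL on
 * refusal or allocation failure; the caller frees the result. */
char **copy_args_bounded(int argc, char **argv) {
    if (argc < 0 || argc > MAX_ARGS) {
        fprintf(stderr, "deploy-stub: refusing %d arguments (limit %d)\n",
                argc, MAX_ARGS);
        return NULL;
    }
    char **copy = calloc((size_t)argc + 1, sizeof(char *)); /* +1: terminator */
    if (copy == NULL) return NULL;
    for (int i = 0; i < argc; i++) {
        if (argv[i] == NULL) {      /* argv shorter than argc is itself corrupt */
            free(copy);
            return NULL;
        }
        copy[i] = argv[i];
    }
    copy[argc] = NULL;
    return copy;
}

int main(int argc, char **argv) {
    printf("argc=%d would demand %zu bytes of stack from the unbounded copy\n",
           argc, stack_demand_bytes(argc));
    char **args = copy_args_bounded(argc, argv);
    if (args == NULL) return 1;
    for (int i = 0; args[i] != NULL; i++) printf("arg[%d]=%s\n", i, args[i]);
    free(args);
    return 0;
}
```

The cap is checked before anything is allocated, which is the property the vulnerable shape lacks; moving the copy to the heap is secondary, since a bounded alloca() would also be safe once argc is limited.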



Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type: Description
Values Removed: Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
Values Added: The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.

Mon, 12 Jan 2026 18:15:00 +0000

First Time appeared (added): Cmu, Cmu panda3d
Weaknesses (added): CWE-908
CPEs (added): cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*
Vendors & Products (added): Cmu, Cmu panda3d
Metrics (added): cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 08 Jan 2026 10:00:00 +0000

First Time appeared (added): Panda3d, Panda3d panda3d
Vendors & Products (added): Panda3d, Panda3d panda3d

Wed, 07 Jan 2026 22:15:00 +0000

Metrics (added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 Jan 2026 20:45:00 +0000

Description (added): Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
Title (added): Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()
Weaknesses (added): CWE-457, CWE-789
References (added)
Metrics (added): cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:51:55.520Z

Reserved: 2026-01-06T16:47:17.183Z

Link: CVE-2026-22188

Vulnrichment

Updated: 2026-01-07T21:23:10.082Z

NVD

Status : Modified

Published: 2026-01-07T21:16:02.747

Modified: 2026-05-26T14:16:28.310

Link: CVE-2026-22188

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T15:30:08Z

Weaknesses