Description
A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-18
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service via null pointer dereference
Action: Assess Impact
AI Analysis

Impact

The vulnerability exists in the ggreer the_silver_searcher tool, specifically within the search_stream function in src/search.c. An attacker can trigger a null pointer dereference, causing the application to crash. The flaw relates to improper handling of null pointers (CWE-476) and missing resource validation (CWE-404). This results in a local denial of service condition rather than a compromise of confidentiality or integrity.

Affected Systems

The affected product is the_silver_searcher from vendor ggreer, versions up to 2.2.0. Users running any release 2.2.0 or earlier are at risk.

Risk and Exploitability

The CVSS score of 4.8 reflects a moderate severity, while the EPSS score of less than 1% indicates a very low likelihood of exploitation. The vulnerability requires local access and has not been reported in CISA’s KEV catalog. Exploitation would lead to a crash of the application, but cannot be used for remote code execution or privilege escalation.

Generated by OpenCVE AI on April 18, 2026 at 17:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest release of the_silver_searcher (≥ 2.2.1) once a patch is available.
  • If an upgrade is not immediately possible, avoid invoking the search_stream function with empty or malformed streams to reduce the risk of a crash.
  • Monitor system logs for crashes or segmentation faults related to the_silver_searcher and report findings to the project maintainers to encourage an expedited fix.

Generated by OpenCVE AI on April 18, 2026 at 17:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Ggreer
Ggreer the Silver Searcher
Vendors & Products Ggreer
Ggreer the Silver Searcher

Wed, 18 Feb 2026 06:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title ggreer the_silver_searcher search.c search_stream null pointer dereference
Weaknesses CWE-404
CWE-476
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Ggreer The Silver Searcher
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:16:52.911Z

Reserved: 2026-02-17T20:28:45.707Z

Link: CVE-2026-2642

cve-icon Vulnrichment

Updated: 2026-02-18T20:25:23.783Z

cve-icon NVD

Status : Deferred

Published: 2026-02-18T07:16:10.980

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2642

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses