Description
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The relibc implementation of pthread_rwlockattr_setpshared includes a flaw that allows an attacker to trigger a denial of service by supplying a specially crafted input. The error causes the function to abort or hang, resulting in unresponsive threads or the crashing of the application that relies on the read‑write lock attributes.

Affected Systems

This vulnerability affects the relibc library used by Redox OS. The vulnerable commit is 61f42d; any installation that includes this version is potentially impacted. No broader vendor list is available.

Risk and Exploitability

The security rating is not publicly defined and the EPSS score is unavailable, meaning exploitation potential is uncertain. The vulnerability is present in userland code and is not listed in CISA's KEV catalog. To exploit it an attacker would need to supply crafted input to the pthread_rwlockattr_setpshared() call, which could be achieved by a local process with sufficient privileges or by an unauthenticated user if the application accepts external input.

Generated by OpenCVE AI on June 25, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update relibc to a version that includes the fix for the issue discussed in merge request 987.
  • Rebuild any dependent applications or system components using the patched relibc to ensure the vulnerability is no longer present.
  • If an immediate update is infeasible, restrict the usage of the vulnerable function by applying process isolation or strict resource limits to mitigate potential denial of service attacks.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Crafted Input to pthread_rwlockattr_setpshared in relibc
Weaknesses | | CWE-20

Thu, 25 Jun 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-25T20:21:58.022Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38637

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T22:30:15Z

Weaknesses
  • CWE-20: Improper Input Validation