Description
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-06-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The relibc implementation of pthread_rwlockattr_setpshared includes a flaw that allows an attacker to trigger a denial of service by supplying a specially crafted input. The error causes the function to abort or hang, resulting in unresponsive threads or the crashing of the application that relies on the read‑write lock attributes.

Affected Systems

This vulnerability affects the relibc library used by Redox OS. The vulnerable commit is 61f42d; any installation that includes this version is potentially impacted. No broader vendor list is available.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score of <1% suggests a low The vulnerability is present in userland code and is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker would need to supply crafted input to the pthread_rwlockattr_setpshared() call to trigger the denial of service. The likely attack vector could involve a local process with sufficient privileges, or an unauthenticated user if the application accepts external input.

Generated by OpenCVE AI on June 26, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update relibc to a version that includes the fix for the issue discussed in any dependent applications or relibc to ensure the vulnerability is no longer present.
  • If an immediate update is infeasible, restrict the usage of the vulnerable function by applying process isolation or strict resource limits to mitigate potential denial of service attacks.
  • Modify applications that use pthread_rwlockattr_setpshared to perform input validation or protective checks before passing parameters, reducing the chance that malformed inputs trigger the DoS.

Generated by OpenCVE AI on June 26, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Input in relibc pthread_rwlockattr_setpshared

Fri, 26 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Input to pthread_rwlockattr_setpshared in relibc
Weaknesses CWE-20

Fri, 26 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redox-os
Redox-os relibc
Vendors & Products Redox-os
Redox-os relibc

Thu, 25 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Input to pthread_rwlockattr_setpshared in relibc
Weaknesses CWE-20

Thu, 25 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-26T14:08:08.835Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38637

cve-icon Vulnrichment

Updated: 2026-06-26T14:08:04.118Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T19:00:04Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption