Description
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is located in the DSO::mmap_and_copy function of the relibc library. A specially crafted shared library can cause the system to crash, resulting in a denial of service. The weakness is a memory corruption that manifests when the loader processes a malicious library, and it is classified as CWE‑404.

Affected Systems

Based on the provided references, it appears that the relibc library within the Redox OS project, particularly the commit 61f42d, is affected. This attribution is inferred from the repository links, as no vendor is explicitly listed.

Risk and Exploitability

The exploit requires the ability to load or influence the loading of a malformed shared library. Because the flaw resides in a user‑space loader routine, the attack vector is likely local or through a compromised application that accepts user‑supplied libraries. EPSS data indicates an exploitation probability of less than 1%, the vulnerability is not listed in KEV, and the CVSS score is 7.5, but the DoS impact can affect system availability and disrupt services.

Generated by OpenCVE AI on June 29, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch referenced in merge request 1046, which updates the mmap_and_copy function in relibc.
  • Replace the current relibc package with the fixed version in the Redox OS repository or roll back to a previous stable build until the patch is applied.
  • After updating, restart any services that depend on relibc to ensure the new library is loaded into memory, thereby preventing the denial of service attack.

Generated by OpenCVE AI on June 29, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Malformed Shared Library in Redox OS relibc

Mon, 29 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Shared Library in relibc mmap_and_copy Function
Weaknesses CWE-122

Mon, 29 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 27 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Redox-os
Redox-os relibc
Vendors & Products Redox-os
Redox-os relibc

Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Shared Library in relibc mmap_and_copy Function
Weaknesses CWE-122

Fri, 26 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-29T13:51:50.173Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38641

cve-icon Vulnrichment

Updated: 2026-06-29T13:44:52.940Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T18:30:06Z

Weaknesses
  • CWE-404

    Improper Resource Shutdown or Release