Description
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is located in the DSO::mmap_and_copy function of the relibc library. A specially crafted shared library can cause the system to crash, resulting in a denial of service. The weakness is a memory corruption that manifests when the loader processes a malicious library, and it is classified as CWE‑122.

Affected Systems

Affected components include the relibc library of the Redox OS project. The vulnerability is present in the commit identified by 61f42d and was addressed in a subsequent merge request. No other vendors or products are listed as impacted.

Risk and Exploitability

The exploit requires the ability to load or influence the loading of a malformed shared library. Because the flaw resides in a user‑space loader routine, the attack vector is likely local or through a compromised application that accepts user‑supplied libraries. EPSS data is not available, the vulnerability is not listed in KEV, and no CVSS score was supplied, but the DoS impact can affect system availability and disrupt services.

Generated by OpenCVE AI on June 26, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch referenced in merge request 1046, which updates the mmap_and_copy function in relibc.
  • Replace the current relibc package with the fixed version in the Redox OS repository or rolling back to a previous stable build until the patch is applied.
  • After updating, restart any services that depend on relibc to ensure the new library is loaded into memory, thereby preventing the denial of service attack.

Generated by OpenCVE AI on June 26, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Shared Library in relibc mmap_and_copy Function
Weaknesses CWE-122

Fri, 26 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-26T20:31:50.983Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38641

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T22:45:05Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow