Description
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.
Published: 2026-04-28
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: Buffer overflow from TSIG printing functions
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists in the deprecated DNS record printing functions ns_printrrf, ns_printrr, and fp_nquery of the GNU C Library, starting with version 2.2. The functions do not check the size of the caller-supplied buffer, which can cause an out‑of‑bounds write when printing TSIG records. This memory corruption could lead to data corruption, unstable behaviour, or exploitation that allows arbitrary code execution, depending on the attacker’s ability to control the input data.
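The flaw described above is a record printer that does not honour the length its caller passed. The C below is an added illustration, not glibc source: the record layout, field names and output format are assumptions chosen for the example. It shows the pattern a caller-supplied-buffer printer needs: every piece is written with the space that is actually left, the cursor only advances when the piece fit, and the function refuses to print rather than write past the end. A guard byte placed just after the buffer confirms that a too-small buffer leads to a clean failure, not an overflow.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Added illustration, not glibc code: a TSIG-like record with the fields a
 * text printer would need. Struct layout and names are assumptions. */
struct tsig_like {
    const char *owner;      /* owner name, e.g. "host.example." */
    const char *algorithm;  /* algorithm name, e.g. "hmac-sha256." */
    uint16_t fudge;         /* allowed clock skew in seconds */
    uint16_t error;         /* extended RCODE */
};

/* Render r into buf[0 .. buflen). Each snprintf is bounded by the space that
 * remains, and pos is advanced only when the piece fit. Returns the number of
 * characters written (excluding the NUL) or -1 if the record does not fit;
 * on -1 nothing beyond buflen has been touched. */
int print_tsig_like(const struct tsig_like *r, char *buf, size_t buflen)
{
    size_t pos = 0;
    int n;

    if (buf == NULL || buflen == 0)
        return -1;

    /* owner name and record type */
    n = snprintf(buf + pos, buflen - pos, "%s\tTSIG\t", r->owner);
    if (n < 0 || (size_t)n >= buflen - pos)
        return -1;          /* would have been truncated: refuse instead of overflowing */
    pos += (size_t)n;

    /* rdata: algorithm, fudge, error */
    n = snprintf(buf + pos, buflen - pos, "%s %u %u",
                 r->algorithm, (unsigned)r->fudge, (unsigned)r->error);
    if (n < 0 || (size_t)n >= buflen - pos)
        return -1;
    pos += (size_t)n;

    return (int)pos;
}

/* Constructed sample record used by the checks below. */
const struct tsig_like sample_tsig = { "host.example.", "hmac-sha256.", 300, 0 };

/* Print the sample into the first buflen bytes of a larger array whose
 * remaining bytes act as guard bytes. Returns 1 if the byte right after the
 * declared buffer is untouched, 0 if the printer wrote past buflen. The
 * printer's own return value is passed back through *rc. buflen must be < 64. */
int guard_survives(size_t buflen, int *rc)
{
    char storage[64];
    memset(storage, 'X', sizeof storage);
    *rc = print_tsig_like(&sample_tsig, storage, buflen);
    return storage[buflen] == 'X';
}

int main(void)
{
    char out[64];
    int len = print_tsig_like(&sample_tsig, out, sizeof out);
    printf("%d: %s\n", len, len < 0 ? "(does not fit)" : out);
    return 0;
}
```

With a 48-byte buffer the sample renders as `host.example.<TAB>TSIG<TAB>hmac-sha256. 300 0` (37 characters); with 16 or 25 bytes the first or second piece no longer fits, the function returns -1, and the guard byte after the buffer is still intact.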

Affected Systems

All systems that use the GNU C Library (glibc) version 2.2 or newer are affected, regardless of the distribution or operating system. The vulnerability lies in the library's resolver record-printing code (the ns_printrrf, ns_printrr and fp_nquery functions) where it formats TSIG records.

Risk and Exploitability

The CVSS score of 7.3 indicates a high risk level. EPSS is not available, and the vulnerability is not listed in CISA KEV, implying no known active exploitation yet. The likely attack vector is a crafted DNS query containing a malicious TSIG record, so network administrators should monitor outgoing DNS traffic for suspicious characteristics. The impact could be system‑wide if the corrupted memory affects critical library functions.

Generated by OpenCVE AI on April 28, 2026 at 19:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GNU C Library to the latest available version from the vendor or your distribution’s package manager, which includes the required safety checks.
  • Re‑start all services that link against glibc after the upgrade to ensure the new library is loaded into memory.
  • If an immediate upgrade is not possible, consider temporarily disabling TSIG record processing or restricting DNS traffic from untrusted sources to reduce exposure.



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 17:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 16:30:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Tue, 28 Apr 2026 16:15:00 +0000

Type: First Time appeared
Values Added: The Gnu C Library; The Gnu C Library glibc

Type: Vendors & Products
Values Added: The Gnu C Library; The Gnu C Library glibc

Tue, 28 Apr 2026 13:15:00 +0000

Type: Description
Values Added: The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Type: Title
Values Added: Potential buffer overflow in ns_sprintrrf TSIG handling path

Type: Weaknesses
Values Added: CWE-787

Type: References
Values Added: (none listed)

MITRE

Status: PUBLISHED

Assigner: glibc

Published:

Updated: 2026-04-28T15:21:13.800Z

Reserved: 2026-04-02T17:18:02.654Z

Link: CVE-2026-5435

Vulnrichment

Updated: 2026-04-28T15:21:08.263Z

NVD

Status : Awaiting Analysis

Published: 2026-04-28T13:19:22.290

Modified: 2026-04-28T20:23:20.703

Link: CVE-2026-5435

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:30:27Z

Weaknesses