Description
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS).
All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.
Published: 2026-06-16
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow exists in the Jansi JNI ioctl wrapper because the argument array size is not verified before the system call, which can corrupt heap memory and cause application crashes. The resulting denial of service occurs when an affected program is terminated by the overflow. This weakness is classified as buffer overflow (CWE-122).

Affected Systems

The library is distributed by FuseSource as Jansi, and all released versions are believed to be vulnerable. The project has become unmaintained at the time of this CVE assignment, meaning that no official patch or update is available for the affected codebase.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity; the EPSS <1% suggests a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is an application that incorporates Jansi into its runtime; exploitation would require triggering the wrapped ioctl call with an oversized argument array, which would result in heap corruption and a crash. Since no patch exists, users must rely on mitigation steps rather than an official fix.

Generated by OpenCVE AI on June 17, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify all software components that depend on Jansi and document their usage.
  • Remove or replace Jansi with a maintained alternative or a patched fork that includes bounds checking on the ioctl wrapper.
  • If removal is not feasible, isolate the affected applications in a sandboxed environment (e.g., containers or chroot) to contain potential heap corruption and mitigate the impact of a crash.
  • Monitor application logs and crash reports continuously to detect and respond to any runtime failures that may indicate exploitation.

Generated by OpenCVE AI on June 17, 2026 at 21:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Fusesource
Fusesource jansi
Vendors & Products Fusesource
Fusesource jansi

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Description A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.
Title Heap buffer overflow in Jansi
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Fusesource Jansi
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-16T12:15:30.337Z

Reserved: 2026-05-13T14:47:20.636Z

Link: CVE-2026-8484

cve-icon Vulnrichment

Updated: 2026-06-16T12:15:23.476Z

cve-icon NVD

Status : Deferred

Published: 2026-06-16T12:16:26.730

Modified: 2026-06-16T15:41:12.897

Link: CVE-2026-8484

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:05:16Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow