PT-2026-33852 · Gnu · Gnu C Library

Rocket Ma · Published 2026-04-20 · Updated 2026-06-10 · CVE-2026-5928

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU C Library versions prior to 2.44

Description

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single-byte and multibyte character encodings can lead to an attempt to read bytes before an allocated buffer. This occurs due to a bug in the wide character pushback implementation _IO_wdefault_pbackfail() in libio/wgenops.c, which causes ungetwc() to use the regular character buffer pointer fp->_IO_read_ptr instead of the wide-stream read pointer fp->_wide_data->_IO_read_ptr. This may result in a program crash if fp->_IO_read_ptr is NULL, or in the unintentional disclosure of neighboring data in the heap. The issue requires a specific character encoding in which single-byte and multibyte representations overlap, creating spurious matches, a condition not present in standard Unicode character sets.

Recommendations

Update to a version newer than 2.43.
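
The pointer mix-up described above, reduced to a toy model in C with the flawed check beside the corrected one. This is an added illustration, not glibc source: toy_stream, pushback_flawed, pushback_fixed, make_stream and the sample buffers are hypothetical names and constructed data, and the guard condition is an assumption of the model.

```c
#include <stdio.h>
#include <wchar.h>

/* Toy stream with hypothetical field names; not glibc's FILE layout. */
struct toy_stream {
    const unsigned char *read_ptr;  /* narrow (byte) read pointer */
    const wchar_t *wread_base;      /* start of the wide buffer */
    const wchar_t *wread_ptr;       /* wide-stream read pointer */
};

/* Flawed pattern: the guard (assumed for this model) consults the wide
   buffer, but the comparison and the decrement use the narrow pointer. */
int pushback_flawed(struct toy_stream *s, wchar_t c)
{
    if (s->wread_ptr > s->wread_base && (wchar_t)s->read_ptr[-1] == c) {
        --s->read_ptr;              /* now points before the narrow buffer */
        return 1;
    }
    return 0;
}

/* Corrected pattern: every access stays on the wide buffer. */
int pushback_fixed(struct toy_stream *s, wchar_t c)
{
    if (s->wread_ptr > s->wread_base && s->wread_ptr[-1] == c) {
        --s->wread_ptr;
        return 1;
    }
    return 0;
}

/* Constructed sample: arena[0] stands in for heap data adjacent to the
   narrow buffer, which starts at arena[1], so the [-1] read is safe here. */
static const unsigned char arena[4] = { 0x41, 'x', 'y', 'z' };
static const wchar_t wide[2] = { 0x4E2D, 0x6587 };

struct toy_stream make_stream(void)
{
    struct toy_stream s = { arena + 1, wide, wide + 1 };  /* one wchar consumed */
    return s;
}

int main(void)
{
    struct toy_stream a = make_stream(), b = make_stream();
    /* 0x41 was never read from the wide buffer, yet the flawed check accepts it. */
    printf("flawed: %d, fixed: %d\n", pushback_flawed(&a, 0x41), pushback_fixed(&b, 0x41));
    return 0;
}
```

In the model the flawed check reports a successful pushback for a character that was never read from the wide buffer, because the byte in front of the narrow buffer happens to match; the corrected check rejects it and only accepts the wide character that was actually consumed.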

Related Identifiers

CVE-2026-5928
ECHO-C634-ADB4-1DBE
OESA-2026-2409
OESA-2026-2410
OESA-2026-2411
OESA-2026-2412
OESA-2026-2489
OPENSUSE-SU-2026:10770-1
RHSA-2026:12740
SUSE-SU-2026:2333-1

Affected Products

Gnu C Library