PT-2026-52694 · Libnfs · Libnfs
Published 2026-06-26 · Updated 2026-06-26
CVE-2026-57918
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
libnfs versions prior to 6.0.2
Description
An integer underflow occurs in the READ_IOVEC section of the rpc_read_from_socket() function within lib/socket.c. This issue is triggered during a connection to a crafted NFS server when the expected PDU (Protocol Data Unit) size exceeds the absolute PDU size derived from the xid/record-marker.
Recommendations
Update libnfs to a version later than 6.0.2.
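The bug class named in the description, shown as an added example that is not libnfs code: a size decoded from an RPC record marker is compared against the size the client expects, once without and once with a bounds check. All function names are hypothetical, the marker bytes are constructed, and the sizes are assumed to be unsigned 32-bit values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not taken from lib/socket.c. */

/* Decode an ONC RPC record marker (RFC 5531): the top bit flags the
 * last fragment, the low 31 bits carry the fragment length in bytes. */
static uint32_t rm_fragment_len(const uint8_t rm[4])
{
    uint32_t v = ((uint32_t)rm[0] << 24) | ((uint32_t)rm[1] << 16) |
                 ((uint32_t)rm[2] << 8)  |  (uint32_t)rm[3];
    return v & 0x7fffffffu;
}

/* Unchecked: bytes left after the part the client expects to read.
 * When expected > pdu_size the unsigned subtraction wraps around. */
static size_t remaining_unchecked(uint32_t pdu_size, uint32_t expected)
{
    return (size_t)(uint32_t)(pdu_size - expected);
}

/* Checked: reject the record when the two sizes are inconsistent.
 * Returns 0 and stores the remainder, or -1 without touching *out. */
static int remaining_checked(uint32_t pdu_size, uint32_t expected, size_t *out)
{
    if (expected > pdu_size)
        return -1;
    *out = (size_t)(pdu_size - expected);
    return 0;
}

int main(void)
{
    /* Constructed marker: last-fragment bit set, length 32 bytes. */
    const uint8_t rm[4] = { 0x80, 0x00, 0x00, 0x20 };
    uint32_t pdu_size = rm_fragment_len(rm);
    uint32_t expected = 40; /* constructed: larger than the record */
    size_t left = 0;

    printf("unchecked remainder: %zu\n",
           remaining_unchecked(pdu_size, expected));
    if (remaining_checked(pdu_size, expected, &left) != 0)
        printf("checked: record rejected (expected %u > pdu %u)\n",
               (unsigned)expected, (unsigned)pdu_size);
    return 0;
}
```

A wrapped remainder used as a read length or buffer offset is what turns the arithmetic error into memory corruption, so the comparison has to happen before the subtraction.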
Fix
Integer Underflow
Affected Products
Libnfs