CVE 9.1 CRITICAL

Heap overflow in libnv_CVE-2026-35547

April 30, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

When processing the header of an incoming message, libnv failed to properly validate the message size.

The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

AI Analysis

Heap overflow vulnerability in libnv due to improper message size validation, potentially allowing privilege escalation.

Basic Information

ID CVE-2026-35547

Source freebsd

Published Apr 30, 2026 at 08:08

Modified Apr 30, 2026 at 13:12

Affected Product

Vendor FreeBSD

Product FreeBSD

Version 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE, 13.5-RELEASE

Affected Versions FreeBSD FreeBSD 15.0-RELEASE
FreeBSD FreeBSD 14.4-RELEASE
FreeBSD FreeBSD 14.3-RELEASE
FreeBSD FreeBSD 13.5-RELEASE

CWE Classification

CWE-122 CWE-130

AI Assessment

AI Score 9.1 / 10

AI Severity CRITICAL

Vendor FreeBSD

Product libnv

Version 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE, 13.5-RELEASE

References

security.freebsd.org /advisories/FreeBSD-SA-26:17.libnv.asc

{
    "lastseen": "",
    "description": "When processing the header of an incoming message, libnv failed to properly validate the message size.\n\nThe lack of validation allows a malicious program to write outside the bounds of a heap allocation.  This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.",
    "published": "2026-04-30T08:08:13.461Z",
    "modified": "2026-04-30T13:12:25.493Z",
    "type": "cve",
    "title": "Heap overflow in libnv",
    "source": "freebsd",
    "references": "https://security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc",
    "id": "CVE-2026-35547",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122",
        "CWE-130"
    ],
    "cvelist": null,
    "sourceData": "FreeBSD FreeBSD 15.0-RELEASE\nFreeBSD FreeBSD 14.4-RELEASE\nFreeBSD FreeBSD 14.3-RELEASE\nFreeBSD FreeBSD 13.5-RELEASE",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeBSD",
    "version": "15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE, 13.5-RELEASE",
    "vendor": "FreeBSD",
    "ai_description": "Heap overflow vulnerability in libnv due to improper message size validation, potentially allowing privilege escalation.",
    "ai_severity": "CRITICAL",
    "ai_vendor": "FreeBSD",
    "ai_product": "libnv",
    "ai_version": "15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE, 13.5-RELEASE",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply