High severity7.5NVD Advisory· Published Mar 31, 2026· Updated Apr 1, 2026
CVE-2026-5190
CVE-2026-5190
Description
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages.
To remediate this issue, users should upgrade to version 0.6.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 1 more
- (no CPE)
- (no CPE)range: <0.6.0
- osv-coords2 versionspkg:rpm/opensuse/aws-c-event-stream&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/aws-c-event-stream&distro=openSUSE%20Tumbleweed
< 0.4.2-bp160.2.1+ 1 more
- (no CPE)range: < 0.4.2-bp160.2.1
- (no CPE)range: < 0.7.0-1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.