libnv
by FreeBSD
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45288 | Hig | 0.55 | 8.4 | 0.00 | Sep 5, 2024 | A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. | ||
| CVE-2026-39457 | Hig | 0.51 | 7.8 | 0.00 | Apr 30, 2026 | When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application… | ||
| CVE-2024-45287 | Hig | 0.49 | 7.5 | 0.01 | Sep 5, 2024 | A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. |
- risk 0.55cvss 8.4epss 0.00
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
- risk 0.51cvss 7.8epss 0.00
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application…
- risk 0.49cvss 7.5epss 0.01
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.