一、 漏洞 CVE-2026-0861 基础信息
漏洞信息
# memalign整数溢出导致堆损坏
N/A
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Integer overflow in memalign leads to heap corruption
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
整数溢出或超界折返
来源:美国国家漏洞数据库 NVD
漏洞标题
GNU C Library 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
GNU C Library是GNU社区的一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.30版本至2.42版本存在安全漏洞,该漏洞源于向memalign系列函数传递过大的对齐值可能导致整数溢出,进而导致堆损坏。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2026-0861 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2026-0861 的情报信息
标题: Oh noes! -- 🔗来源链接
标签:
神龙速读:- **Access Control Issue**: The web page displays an "Access Denied" message, indicating a user attempted an unauthorized action, potentially due to a lack of proper authentication or authorization checks. - **Error Code**: The error code `4d1dbaddfcc0f385` could be a unique identifier for the access denial, useful for troubleshooting and correlating with server logs. - **Software Information**: The page reveals that it is protected by Anubis from Techaro and is running Anubis version `1.24.0`. This information can be exploited to identify known vulnerabilities associated with this version of Anubis. - **Email Exposure**: The presence of an email address (`admin-requests@sourceware.org`) on an error page can be a security risk as it provides contact information that could be used by malicious actors for phishing or social engineering attacks. - **Lack of Detailed Error Messages for Users**: The page does not provide detailed error messages to users, which is a good practice to prevent information leakage, but for debugging, more specific details might be necessary which administrators would obtain from server logs.
标题: Oh noes! -- 🔗来源链接
标签:
神龙速读:从该网页截图中可获取到以下关键信息: - **访问被拒绝**:页面显示“Access Denied”。 - **错误代码**:`4d1dbaddfcc0f385`。 - **Web防护系统**:网站受`Anubis`保护,由`Techaro`提供。 - **技术信息**:网站运行`Anubis`版本`1.24.0`。 - **版权信息**:此网页的主题设计由`CELPHASE`贡献。 - **联系方式**:如有访问问题,可发送邮件至`admin-requests@sourceware.org`。
- https://nvd.nist.gov/vuln/detail/CVE-2026-0861
四、漏洞 CVE-2026-0861 的评论
匿名用户
2026-01-15 06:08:03Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.