CVE-2026-45252— Heap overflow in FUSE_LISTXATTR
Possible ATT&CK Techniques 2AI
T1552 · Unsecured Credentials T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45252
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap overflow in FUSE_LISTXATTR
Source: NVD (National Vulnerability Database)
Vulnerability Description
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
FreeBSD 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于在处理扩展属性时,内核模块未验证守护进程返回的列表是否以NUL结尾,可能导致越界读取堆分配缓冲区并越界写入第二个缓冲区,恶意守护进程可泄露最多253字节内核堆内存或注入最多250字节攻击者控制的数据到未分配内核堆空间。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45252
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45252
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-45252 (1)
Same Patch Batch · FreeBSD · 2026-05-21 · 7 CVEs total
| CVE-2026-45250 | Stack buffer overflow via setcred(2) | |
| CVE-2026-45255 | Remote code execution via installer Wi-Fi access point scans | |
| CVE-2026-45251 | Kernel use-after-free via file descriptor syscalls | |
| CVE-2026-45253 | Missing validation in ptrace(PT_SC_REMOTE) | |
| CVE-2026-45254 | Incorrect libcap_net limitation list manipulation | |
| CVE-2026-39461 | select(2) file descriptor set overflow causes stack overflow |
IV. Related Vulnerabilities
Same product: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45251
Kernel use-after-free via file descriptor syscalls
Same vendor: FreeBSD
- CVE-2026-45254
Incorrect libcap_net limitation list manipulation - CVE-2026-45255
Remote code execution via installer Wi-Fi access point scans - CVE-2026-39461
select(2) file descriptor set overflow causes stack overflow - CVE-2026-45253
Missing validation in ptrace(PT_SC_REMOTE) - CVE-2026-45251
Kernel use-after-free via file descriptor syscalls
Same weakness: CWE-122
- CVE-2026-9365
Ettercap GG Dissector ec_gg.c FUNC_DECODER heap-based overfl - CVE-2026-9256
NGINX ngx_http_rewrite_module vulnerability - CVE-2026-8997
Heap Buffer Overflow in vifm - CVE-2026-44050
Heap buffer overflow in CNID daemon comm_rcv() - CVE-2026-9149
Libsolv: heap buffer overflow in libsolv repo_add_solv via n
V. Comments for CVE-2026-45252
No comments yet