CVE-2026-22188
Modified Modified - Updated After Analysis
Unbounded Stack Allocation DoS in Panda3D deploy-stub

Publication date: 2026-01-07

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22188
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
panda3d panda3d to 1.10.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CWE-457 The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22188 is a denial of service vulnerability in Panda3D versions up to 1.10.16, specifically in the deploy-stub executable. The issue arises because the deploy-stub uses the alloca() function to allocate stack memory for argv_copy and argv_copy2 based directly on the attacker-controlled argc value without any validation or bounds checking. This allows an attacker to supply a large number of command-line arguments, which exhausts the stack space and causes uninitialized stack memory to propagate into the Python interpreter initialization. This leads to reliable crashes, undefined behavior, and memory corruption during the initialization of the Python interpreter within deploy-stub. [2, 3]

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the deploy-stub executable reliably. By supplying a large number of command-line arguments, an attacker can exhaust the stack space, leading to stack exhaustion and use of uninitialized memory. This results in memory corruption, undefined behavior, and a crash of the Panda3D deploy-stub process. The impact is local and does not require authentication, but it can disrupt the normal operation of applications using Panda3D's deploy-stub. [2, 3]

Detection Guidance

This vulnerability can be detected by attempting to run the vulnerable deploy-stub executable with a large number of command-line arguments to observe if it crashes or exhibits undefined behavior. For example, you can execute a command like `./deploy-stub $(printf 'A %.0s' {1..50000})` to trigger the stack exhaustion and check for a denial of service or crash. Monitoring for crashes or abnormal behavior of deploy-stub when processing many arguments can indicate the presence of this vulnerability. [3]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable deploy-stub executable with untrusted or large numbers of command-line arguments. Restrict or sanitize input to ensure that the number of arguments passed to deploy-stub is within safe limits. Additionally, updating Panda3D to a version later than 1.10.16 where this vulnerability is fixed (if available) is recommended. If an update is not immediately possible, consider applying any available patches or workarounds provided by the Panda3D community or maintainers. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22188. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart