CVE-2026-24814
Integer Overflow in Swoole hiredis Module Before
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| swoole | swoole-src | to 6.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the `sdsMakeRoomFor` function of the Swoole project. It occurs because the function lacked adequate safety checks, which can lead to an integer overflow during memory allocation. This overflow can cause improper bounds checking and potentially result in heap corruption, compromising the stability and security of the affected software. [1]
How can this vulnerability impact me? :
The integer overflow can lead to heap corruption, which may allow attackers to cause crashes, execute arbitrary code, or escalate privileges within the affected system. This can compromise the confidentiality, integrity, and availability of the system running the vulnerable Swoole version before 6.0.2. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update swoole-src to version 6.0.2 or later, which includes the patch fixing the integer overflow in the _sdsMakeRoomFor function. Applying this update will prevent the integer overflow and potential heap corruption caused by the vulnerability. [1]