CVE-2026-33147
Stack-Based Buffer Overflow in GMT Remote Dataset Handling
Publication date: 2026-03-20
Last updated on: 2026-03-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| generic-mapping-tools | gmt | to 6.6.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33147 is a stack-based buffer overflow vulnerability in the Generic Mapping Tools (GMT) software, specifically in the function gmt_remote_dataset_id within the source file src/gmt_remote.c.
The vulnerability occurs because the code uses an unsafe string copy operation (strcpy) to copy a dataset identifier string into a fixed-size stack buffer without checking the length of the input. If a specially crafted long string is provided, it can overflow the buffer.
This overflow can cause the program to crash or potentially allow an attacker to execute arbitrary code by overwriting the stack frame, including the return address.
The issue was fixed by replacing the unsafe strcpy call with a bounded copy using strncpy and explicitly null-terminating the buffer to prevent overflow.
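The copy pattern and its fix described above, as an added example that is not GMT's source code. The buffer size `ID_BUF_LEN`, the function names and the sample identifier are assumptions made for illustration, and `lookup_strict` goes one step beyond the described fix by rejecting oversized identifiers instead of truncating them.

```c
#include <stdio.h>
#include <string.h>

#define ID_BUF_LEN 64   /* assumed size; the page does not give the real one */

/* Vulnerable pattern the page describes: unbounded copy into a stack buffer.
 * Kept for contrast only and never called here. */
int lookup_unsafe(const char *file) {
    char name[ID_BUF_LEN];
    strcpy(name, file);             /* overflows when strlen(file) >= ID_BUF_LEN */
    return (int)strlen(name);
}

/* Fix pattern the page describes: bounded strncpy plus explicit terminator.
 * Returns the stored length; *truncated is set when input did not fit. */
int lookup_bounded(const char *file, int *truncated) {
    char name[ID_BUF_LEN];
    strncpy(name, file, sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';  /* strncpy leaves no terminator on truncation */
    *truncated = strlen(file) >= sizeof(name);
    return (int)strlen(name);
}

/* Stricter variant, beyond the described fix: reject oversized identifiers
 * rather than act on a silently truncated name. Returns -1 on rejection. */
int lookup_strict(const char *file) {
    int truncated = 0;
    if (file == NULL || strlen(file) >= ID_BUF_LEN)
        return -1;
    return lookup_bounded(file, &truncated);
}

/* Constructed input: an identifier of n 'A' characters (n capped at 4096). */
int probe(size_t n, int strict) {
    char id[4097];
    int truncated = 0;
    if (n > 4096) n = 4096;
    memset(id, 'A', n);
    id[n] = '\0';
    return strict ? lookup_strict(id) : lookup_bounded(id, &truncated);
}

int main(void) {
    printf("bounded, 4096 bytes: stored %d\n", probe(4096, 0));
    printf("strict,  4096 bytes: %d\n", probe(4096, 1));
    printf("strict,  sample id:  %d\n", lookup_strict("@earth_relief_01d"));
    return 0;
}
```

Building the same file with `-fsanitize=address` and calling `lookup_unsafe` from a test harness is how ASan would flag the stack overflow during testing.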
How can this vulnerability impact me?
This vulnerability can impact users or applications that use GMT, especially through its C API or higher-level interfaces like PyGMT, when processing untrusted dataset names.
- It can cause the GMT program to crash, resulting in Denial of Service.
- In certain environments, it may allow an attacker to execute arbitrary code, potentially compromising system integrity.
- The vulnerability has a high severity score (CVSS 7.3) with low attack complexity and requires no privileges or user interaction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or abnormal behavior in GMT when processing dataset identifiers, especially those passed via the which module or the C API.
A proof-of-concept exploit was demonstrated using a Python script with the PyGMT library that sends a specially crafted long string (e.g., 4096 "A" characters followed by fake return addresses) to trigger the buffer overflow.
Using AddressSanitizer (ASan) during testing can help detect stack buffer overflow conditions in the gmt_remote_dataset_id function.
Suggested commands include running tests with ASan enabled or using a Python script to pass an overly long dataset identifier string to GMT's which module or C API to observe if a crash or memory error occurs. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update GMT to a version that includes the patch fixing this vulnerability.
The vulnerability was patched by replacing unsafe strcpy calls with bounded strncpy calls and explicit null-termination to prevent buffer overflow.
Until an updated version is available, avoid processing untrusted or specially crafted long dataset identifier strings via GMT's which module or C API.
Additionally, consider running GMT in a controlled environment with memory safety tools like AddressSanitizer to detect potential exploitation attempts. [1, 2]