CVE-2026-3904
Use-After-Free in GNU C Library memcmp Causes nscd Client Crash
Publication date: 2026-03-11
Last updated on: 2026-04-09
Assigner: GNU C Library
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | glibc | From 2.35 (inc) to 2.37 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-366 | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability occurs in the 2.36 and 2.35 branches of the GNU C Library (glibc) when using NSS-backed functions that support caching via the Name Service Cache Daemon (nscd). Under high load on x86_64 systems, the nscd client may call the memcmp function on inputs that are concurrently modified by other processes or threads. This causes undefined behavior that can lead to a crash of the nscd client and the application using it.
The root cause is an optimized implementation of memcmp introduced in glibc 2.36 for x86_64, which can crash when invoked with concurrently modified inputs. Although spurious cache misses caused by concurrent modification are not a security issue by themselves, this specific memcmp implementation can cause a crash, turning it into a denial-of-service problem.
The issue was fixed and the fix backported to all vulnerable branches of glibc. Distributions that cherry-picked the memcpy SSE2 optimization are advised to apply the fix to avoid potential crashes.
How can this vulnerability impact me?
This vulnerability can cause applications that use the nscd client in affected versions of the GNU C Library to crash under high load on x86_64 systems. This crash results from the memcmp function being called on inputs that are concurrently modified, leading to undefined behavior and application termination.
The impact is primarily a denial-of-service (DoS) condition where the affected application or service becomes unavailable due to unexpected crashes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is advised to apply the fix backported to all vulnerable branches in the GNU C Library repository.
Distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library should also apply the fix to avoid potential crashes in the nscd client.
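As an added triage example (not part of the original entry and not code from glibc), the shell functions below check a glibc version string and machine architecture against the range this page lists: 2.35 inclusive to 2.37 exclusive, on x86_64. The names in_affected_range and report_host are hypothetical, and a version match alone cannot show whether a distribution has already backported the fix.

```shell
#!/bin/sh
# Added example: triage against the range listed on this page
# (glibc 2.35 inclusive to 2.37 exclusive, x86_64 only).
# Function names are hypothetical, not part of glibc or any distro tool.

# in_affected_range VERSION ARCH
#   returns 0: inside the listed range
#   returns 1: outside it (other version or other architecture)
#   returns 2: VERSION could not be parsed
in_affected_range() {
    ver=$1
    arch=$2
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}   # "35-0ubuntu3" -> "35", "36.1" -> "36"
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$arch" = "x86_64" ] || return 1
    [ "$major" -eq 2 ] || return 1
    [ "$minor" -ge 35 ] && [ "$minor" -lt 37 ]
}

# Report on the local host. A match only means the version is in range:
# distributions backport fixes without changing the upstream version number,
# so confirm against the vendor's advisory for this CVE.
report_host() {
    # getconf prints e.g. "glibc 2.35"; keep the second field.
    host_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    host_arch=$(uname -m)
    rc=0
    in_affected_range "$host_ver" "$host_arch" || rc=$?
    case $rc in
        0) echo "glibc $host_ver on $host_arch: in listed range, check vendor advisory for the backported fix" ;;
        1) echo "glibc $host_ver on $host_arch: outside listed range" ;;
        *) echo "glibc version not detected (non-glibc system?)" ;;
    esac
    return 0
}

report_host
```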