CVE-2026-35547
Heap Buffer Overflow in libnv Message Processing
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: FreeBSD
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 14.4 |
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.4 |
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.4 |
| freebsd | freebsd | 14.4 |
| freebsd | freebsd | 15.0 |
| freebsd | freebsd | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a heap overflow in the libnv library, which is responsible for storing and exchanging name-value pairs and supports inter-process communication (IPC) mechanisms.
The issue arises because libnv fails to properly validate the size of incoming message headers. This lack of validation allows a malicious program to write data outside the bounds of allocated heap memory.
As a result, this can cause system crashes or panics, and it may also allow an unprivileged user to exploit the bug to escalate their privileges.
How can this vulnerability impact me? :
The vulnerability can impact you by causing system instability such as crashes or panics due to heap memory corruption.
More seriously, it may allow an unprivileged user to exploit the vulnerability to gain elevated privileges, potentially compromising system security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to upgrade to patched versions of FreeBSD 13, 14, or 15.
Patches are available for direct application, and systems can be updated via pkg, freebsd-update, or by recompiling from source.
No workaround exists, so applying the official patches or upgrading is the immediate recommended action.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.