CVE-2026-39461
Stack Corruption in libcasper via FD_SETSIZE Bypass
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: FreeBSD
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freebsd | libcasper | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39461 is a vulnerability in FreeBSD's libcasper library where it improperly handles file descriptors when using the select(2) system call. Specifically, libcasper does not verify that its socket descriptor is within the allowed limit of 1024 descriptors (FD_SETSIZE).
An attacker can exploit this by causing an application that uses libcasper to allocate large file descriptors, for example by opening many descriptors and running a program that does not close them properly. This can lead to stack corruption.
If the affected application runs with setuid root privileges, this stack corruption can be used to escalate local privileges.
How can this vulnerability impact me? :
This vulnerability can lead to stack corruption in applications using libcasper, which may result in local privilege escalation if the application runs with setuid root privileges.
An attacker with local access could exploit this flaw to gain higher privileges on the system, potentially compromising system security and control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific detection method or commands provided to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the patches released by the FreeBSD Project for the stable and release branches.
Users are advised to upgrade their systems to a corrected version using pkg or freebsd-update utilities.
No workaround is available, so applying the official patches or updates is the recommended immediate step.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.