CVE-2026-8484
Received Received - Intake
Heap Buffer Overflow in Jansi JNI Wrapper

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: CERT.PL

Description
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable.Β This project is unmaintained at the time of CVE assignment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-8484
EUVD
EUVD-2026-37064
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fusesource jansi to 2.4.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8484 is a heap-based buffer overflow vulnerability in the Jansi library, specifically in the JNI ioctl() wrapper.

The vulnerability occurs because the size of the argument array is not properly verified before making the system call, which can cause heap corruption.

This heap corruption can lead to application crashes, resulting in a Denial of Service (DoS).

All versions of the Jansi library up to and including 2.4.3 are believed to be vulnerable, and the project is currently unmaintained.

Impact Analysis

This vulnerability can cause heap corruption in applications using the vulnerable Jansi library.

The primary impact is application crashes, which can lead to Denial of Service (DoS), disrupting normal operation.

Since the project is unmaintained, there may be no official fixes or patches available, increasing the risk for affected users.

Mitigation Strategies

The Jansi project is currently unmaintained, and all versions up to 2.4.3 are vulnerable to this heap buffer overflow. Immediate mitigation steps include migrating away from the vulnerable Jansi library to a maintained alternative, such as the merged project org.jline:jansi.

Since no patch or update is available due to the project being unmaintained, users should remove or replace the vulnerable library from their applications to prevent exploitation.

Compliance Impact

The provided information does not specify any direct impact of this heap buffer overflow vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8484. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart