CVE-2026-0861
Integer overflow in memalign leads to heap corruption
Description
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
INFO
Published Date :
Jan. 14, 2026, 9:15 p.m.
Last Modified :
Feb. 3, 2026, 6:26 p.m.
Remotely Exploit :
No
Source :
3ff69d7a-14f2-4f67-a097-88dee7810d18
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update the GNU C Library to a version that includes the fix.
- Recompile and redeploy applications linked against the library.
Public PoC/Exploit Available at Github
CVE-2026-0861 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-0861.
| URL | Resource |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=33796 | Exploit |
| https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 | Patch |
| http://www.openwall.com/lists/oss-security/2026/01/16/5 | Mailing List Patch |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-0861 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-0861
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Python Shell HCL
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-0861 vulnerability anywhere in the article.
-
Daily CyberSecurity
Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed
The maintainers of the GNU C Library (glibc), the core library that underpins the vast majority of Linux-based systems, have disclosed details on two security vulnerabilities ranging from high-severit ... Read more
The following table lists the changes that have been made to the
CVE-2026-0861 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 03, 2026
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions from (including) 2.30 up to (including) 2.42 Added Reference Type GNU C Library: https://sourceware.org/bugzilla/show_bug.cgi?id=33796 Types: Exploit Added Reference Type GNU C Library: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 Types: Patch Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2026/01/16/5 Types: Mailing List, Patch -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Jan. 16, 2026
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2026/01/16/5 -
CVE Modified by 3ff69d7a-14f2-4f67-a097-88dee7810d18
Jan. 16, 2026
Action Type Old Value New Value Changed Description Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments. Added Reference https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 14, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -
New CVE Received by 3ff69d7a-14f2-4f67-a097-88dee7810d18
Jan. 14, 2026
Action Type Old Value New Value Added Description Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Added CWE CWE-190 Added Reference https://sourceware.org/bugzilla/show_bug.cgi?id=33796