CVE-2026-39461
Essential information
- Published
- 21/05/2026 10:16
- Modified
- 21/05/2026 19:01
- Author
- —
- Creator
- —
- CVSS
- 8.8 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- CHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).
An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p12:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p13:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:p3:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:p4:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p7:*:*:*:*:*:* |
| freebsd / freebsd | cpe:2.3:o:freebsd:freebsd:15.0:p8:*:*:*:*:*:* |