The maintainers of the GNU C Library (glibc), the core library that underpins the vast majority of Linux-based systems, have disclosed details on two security vulnerabilities ranging from high-severity heap corruption to information leaks. The flaws affect a wide swath of versions, with one bug dating back to glibc version 2.0.
While both vulnerabilities offer dangerous potential outcomes—such as heap corruption and ASLR bypass—the technical prerequisites for exploitation are steep, potentially limiting their impact in the wild.
The more severe of the two issues is CVE-2026-0861, carrying a high CVSS score of 8.4. This vulnerability involves an integer overflow within the library’s memory alignment functions: memalign, posix_memalign, and aligned_alloc.
The flaw affects glibc versions 2.30 through 2.42. If an attacker can force the application to pass a specific combination of arguments, the overflow can lead to heap corruption.
To trigger the crash, an attacker must have control over both the size and the alignment arguments. Furthermore, the size parameter must be incredibly large—close to PTRDIFF_MAX—to trigger the overflow.
The advisory notes that this is an “uncommon usage pattern,” as alignment arguments are typically fixed values like page sizes rather than user-controlled inputs.
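For programs that do take size or alignment from untrusted input, the following added example (not code from glibc or the advisory) bounds both values before they reach posix_memalign. The name checked_memalign and the limits MAX_ALIGNMENT and MAX_ALLOC_SIZE are hypothetical, assumed application policy.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign */
#endif
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed application policy limits (not from the advisory); tune per program. */
#define MAX_ALIGNMENT  ((size_t)1 << 21)   /* 2 MiB */
#define MAX_ALLOC_SIZE ((size_t)1 << 30)   /* 1 GiB per request */

/* Hypothetical wrapper: validate untrusted size/alignment before they reach
 * posix_memalign. Returns 0 and sets *out, or an errno value with *out NULL. */
int checked_memalign(void **out, size_t alignment, size_t size)
{
    if (out == NULL)
        return EINVAL;
    *out = NULL;
    /* posix_memalign needs a power of two that is a multiple of sizeof(void *). */
    if (alignment < sizeof(void *) || (alignment & (alignment - 1)) != 0)
        return EINVAL;
    /* Alignment is normally a fixed constant; refuse anything beyond policy. */
    if (alignment > MAX_ALIGNMENT)
        return EINVAL;
    /* Policy choice: treat zero-length requests as caller errors. */
    if (size == 0)
        return EINVAL;
    /* Keep size far below PTRDIFF_MAX, the range the advisory describes. */
    if (size > MAX_ALLOC_SIZE)
        return ENOMEM;
    /* Independent guard in case the caps above are raised: size plus
     * alignment must stay below PTRDIFF_MAX without wrapping. */
    if (size > (size_t)PTRDIFF_MAX - alignment)
        return ENOMEM;
    return posix_memalign(out, alignment, size);
}

int main(void)
{
    void *p;
    int rc = checked_memalign(&p, 64, 4096);            /* ordinary request */
    printf("64/4096 -> %d\n", rc);
    free(p);
    rc = checked_memalign(&p, 64, (size_t)PTRDIFF_MAX - 32);  /* rejected */
    printf("64/near PTRDIFF_MAX -> %d\n", rc);
    return 0;
}
```

The wrapper reduces exposure in callers but does not replace the patched library.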
The second vulnerability, CVE-2026-0915, is an information leak that has persisted in the library for decades, affecting versions 2.0 through 2.42.
This defect resides in the getnetbyaddr and getnetbyaddr_r functions. When these functions are called to query a “zero-valued network” (i.e., net == 0x0), and the system is configured to use a DNS backend, the function can accidentally pass unmodified stack contents to the DNS resolver.
This “stack content leaking” represents a loss of confidentiality for the host. While the data leak is spatially limited to the adjacent stack, savvy attackers could theoretically use the leaked pointer values to accelerate an ASLR (Address Space Layout Randomization) bypass.
Like the integer overflow, this flaw has a high barrier to entry. It requires an attacker to be in a position to “snoop between the application and the DNS server” to capture the leaked data, making the attack complexity high.
System administrators are advised to review the specific impact on their distributions and apply patches where available.