The GNU C Library (glibc), a cornerstone of the Linux ecosystem, has issued a security advisory. The disclosure highlights vulnerabilities in long-deprecated functions that, while no longer recommended for use, still linger in many legacy applications.
The two newly identified flaws center on how the library handles specific DNS records, potentially leading to system crashes or memory exposure for applications still tied to these aging interfaces.
The first vulnerability, CVE-2026-5435 (CVSS 7.3), involves a potential buffer overflow in the ns_sprintrrf function when handling TSIG (Transaction Signature) records.
The technical breakdown reveals a failure in boundary enforcement. Within the TSIG handling path, ns_sprintrrf uses sprintf to perform a formatted write without verifying if there is enough space remaining in the buffer.
This can result in an out-of-bounds write of up to 6 bytes past the end of the buffer. If the process isn’t immediately terminated by the write, it may later trigger an assertion failure.
The second flaw, CVE-2026-6238 (CVSS 6.5), is a buffer overread triggered by corrupted RDATA fields in DNS responses.
Applications using functions like ns_printrrf, ns_printrr, or fp_nquery fail to validate RDATA content against its reported length when processing LOC, CERT, TKEY, or TSIG records.
An attacker could craft a malicious DNS response to:
- Crash the application.
- Read uninitialized memory, potentially leaking sensitive information.
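Both flaws described above come down to the same missing check: a formatted write that does not look at how much room is left in the output buffer (the ns_sprintrrf overflow), and a read of RDATA content that trusts a declared length without comparing it to the bytes actually received (the overread in ns_printrrf, ns_printrr and fp_nquery). The following is an added illustration, not glibc code and not the fixed glibc routines: it prints a small, constructed TSIG-like record layout (a length-prefixed algorithm name, a 16-bit fudge value, and a length-prefixed MAC; the layout itself is a simplification chosen for the example) while enforcing both checks. The function and constant names are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this hypothetical printer (illustration, not glibc's API). */
enum { RR_OK = 0, RR_TRUNCATED = -1, RR_NO_SPACE = -2 };

/* Append a formatted field at cursor *pos of out[0..outlen).
 * Unlike a bare sprintf, this checks the space that is actually left and
 * refuses the write (restoring the terminator) if the field would not fit. */
static int append_field(char *out, size_t outlen, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    if (*pos >= outlen)
        return RR_NO_SPACE;
    size_t left = outlen - *pos;
    va_start(ap, fmt);
    int n = vsnprintf(out + *pos, left, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= left) {
        out[*pos] = '\0';            /* discard the partial field */
        return RR_NO_SPACE;
    }
    *pos += (size_t)n;
    return RR_OK;
}

/* Read a big-endian 16-bit value at *off, but only if rdlen says the
 * two bytes are really present. Invariant: *off <= rdlen. */
static int get_u16(const uint8_t *rd, size_t rdlen, size_t *off, uint16_t *v)
{
    if (rdlen - *off < 2)
        return RR_TRUNCATED;
    *v = (uint16_t)((rd[*off] << 8) | rd[*off + 1]);
    *off += 2;
    return RR_OK;
}

/* Render RDATA as "alg=<name> fudge=<n> mac=<hex>".
 * Every declared length inside the record is compared with the bytes that
 * remain (rdlen - off) before any of those bytes are touched. */
static int print_rdata(const uint8_t *rd, size_t rdlen, char *out, size_t outlen)
{
    size_t off = 0, pos = 0;
    int rc;
    if (outlen == 0)
        return RR_NO_SPACE;
    out[0] = '\0';

    /* algorithm name: 1-byte length prefix followed by that many bytes */
    if (rdlen - off < 1)
        return RR_TRUNCATED;
    size_t namelen = rd[off++];
    if (namelen > rdlen - off)           /* declared length vs. actual content */
        return RR_TRUNCATED;
    rc = append_field(out, outlen, &pos, "alg=%.*s", (int)namelen, (const char *)rd + off);
    if (rc != RR_OK)
        return rc;
    off += namelen;

    uint16_t fudge, maclen;
    if ((rc = get_u16(rd, rdlen, &off, &fudge)) != RR_OK)
        return rc;
    if ((rc = append_field(out, outlen, &pos, " fudge=%u", (unsigned)fudge)) != RR_OK)
        return rc;

    if ((rc = get_u16(rd, rdlen, &off, &maclen)) != RR_OK)
        return rc;
    if (maclen > rdlen - off)            /* MAC claims more bytes than were received */
        return RR_TRUNCATED;
    if ((rc = append_field(out, outlen, &pos, " mac=")) != RR_OK)
        return rc;
    for (size_t i = 0; i < maclen; i++)
        if ((rc = append_field(out, outlen, &pos, "%02x", rd[off + i])) != RR_OK)
            return rc;
    return RR_OK;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0x04, 'h', 'm', 'a', 'c',   /* name length 4, "hmac" */
    0x01, 0x2c,                 /* fudge = 300 */
    0x00, 0x02, 0xde, 0xad      /* MAC length 2, two MAC bytes */
};
/* Same record, but the MAC length field claims 16 bytes while only 2 follow. */
static const uint8_t SAMPLE_BAD_MACLEN[] = {
    0x04, 'h', 'm', 'a', 'c', 0x01, 0x2c, 0x00, 0x10, 0xde, 0xad
};
static char g_out[64];

int main(void)
{
    int rc = print_rdata(SAMPLE_OK, sizeof SAMPLE_OK, g_out, sizeof g_out);
    printf("valid record: rc=%d text=\"%s\"\n", rc, g_out);
    rc = print_rdata(SAMPLE_BAD_MACLEN, sizeof SAMPLE_BAD_MACLEN, g_out, sizeof g_out);
    printf("corrupted length field: rc=%d\n", rc);
    char small[16];
    rc = print_rdata(SAMPLE_OK, sizeof SAMPLE_OK, small, sizeof small);
    printf("16-byte output buffer: rc=%d\n", rc);
    return 0;
}
```

The two failure paths map onto the two advisories: a corrupted length field yields RR_TRUNCATED before any byte beyond rdlen is read, and an output buffer that is too small yields RR_NO_SPACE with nothing written past outlen, where an unchecked sprintf would have kept writing.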
These functions are intended for application debugging only and are not used in the standard execution path of the DNS resolver.
They have also been deprecated since August 2021 (version 2.34). The GNU C Library maintenance team is urging developers to take action: “Applications should consider porting away from these interfaces since they may be removed in future versions.”