CVE-2026-33666

Exploit

EPSS 0.33%
Veröffentlicht 24.04.2026 18:21:11
Zuletzt bearbeitet 28.04.2026 18:32:02
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Zserio: Integer Overflow in BitStreamReader on 32-bit platforms

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes (512 MB) from a buffer that is only a few bytes long, causing a segmentation fault. This vulnerability is fixed in 2.18.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nds-association ≫ Zserio Version < 2.18.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.244

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://github.com/ndsev/zserio/security/advisories/GHSA-fjwv-6wcr-vqwj

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-33666

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33666

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33666

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33666