5.5
CVE-2026-4897
- EPSS 0.13%
- Veröffentlicht 26.03.2026 15:16:43
- Zuletzt bearbeitet 21.04.2026 16:29:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Polkit: polkit: denial of service via unbounded input processing through standard input
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Polkit Version-
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/security/cve/CVE-2026-4897
https://bugzilla.redhat.com/show_bug.cgi?id=2451739