ByteOS Network

Vulnerability Details :

CVE-2026-2903

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-22 Feb, 2026 | 00:32

Updated At-26 Feb, 2026 | 16:21

skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:22 Feb, 2026 | 00:32

Updated At:26 Feb, 2026 | 16:21

▼CVE Numbering Authority (CNA)

skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

Affected Products

Vendor

skvadrik

Product

re2c

CPEs

cpe:2.3:a:re2c:re2c:*:*:*:*:*:*:*:*

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-476	NULL Pointer Dereference
CWE	CWE-404	Denial of Service

Type: CWE

CWE ID: CWE-476

Description: NULL Pointer Dereference

Type: CWE

CWE ID: CWE-404

Description: Denial of Service

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0	3.3	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0	1.7	N/A	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 1.7

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Credits

reporter

Oneafter (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-02-20 00:00:00
VulDB entry created	2026-02-20 01:00:00
VulDB entry last update	2026-02-20 21:07:45

Event: Advisory disclosed

Date: 2026-02-20 00:00:00

Event: VulDB entry created

Date: 2026-02-20 01:00:00

Event: VulDB entry last update

Date: 2026-02-20 21:07:45

References

Hyperlink	Resource
https://vuldb.com/?id.347210	vdb-entry technical-description
https://vuldb.com/?ctiid.347210	signature permissions-required
https://vuldb.com/?submit.755030	third-party-advisory
https://github.com/skvadrik/re2c/issues/571	issue-tracking
https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101	issue-tracking
https://github.com/oneafter/0202/blob/main/re/repro	exploit
https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97	patch
https://github.com/skvadrik/re2c/	product

Hyperlink: https://vuldb.com/?id.347210

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.347210

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.755030

Resource:

third-party-advisory

Hyperlink: https://github.com/skvadrik/re2c/issues/571

Resource:

issue-tracking

Hyperlink: https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101

Resource:

issue-tracking

Hyperlink: https://github.com/oneafter/0202/blob/main/re/repro

Resource:

exploit

Hyperlink: https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97

Resource:

patch

Hyperlink: https://github.com/skvadrik/re2c/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:22 Feb, 2026 | 01:16

Updated At:23 Feb, 2026 | 18:13

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary	2.0	1.7	LOW	AV:L/AC:L/Au:S/C:N/I:N/A:P

Type: Secondary

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 2.0

Base score: 1.7

Base severity: LOW

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

CWE ID	Type	Source
CWE-404	Primary	cna@vuldb.com
CWE-476	Primary	cna@vuldb.com

CWE ID: CWE-404

Type: Primary

Source: cna@vuldb.com

CWE ID: CWE-476

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/oneafter/0202/blob/main/re/repro	cna@vuldb.com	N/A
https://github.com/skvadrik/re2c/	cna@vuldb.com	N/A
https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97	cna@vuldb.com	N/A
https://github.com/skvadrik/re2c/issues/571	cna@vuldb.com	N/A
https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.347210	cna@vuldb.com	N/A
https://vuldb.com/?id.347210	cna@vuldb.com	N/A
https://vuldb.com/?submit.755030	cna@vuldb.com	N/A

Hyperlink: https://github.com/oneafter/0202/blob/main/re/repro

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/skvadrik/re2c/

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/skvadrik/re2c/issues/571

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.347210

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.347210

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.755030

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

105Records found

CVE-2025-15418

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.02% / 5.91%

7 Day CHG~0.00%

Published-01 Jan, 2026 | 23:32

Updated-23 Feb, 2026 | 09:16

Open5GS Bearer QoS IE Length types.c ogs_gtp2_parse_bearer_qos denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing a manipulation results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is named 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy a patch.

Vendor-open5gs n/a

Product-open5gs Open5GS

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2025-15571

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.02% / 4.83%

7 Day CHG+0.01%

Published-10 Feb, 2026 | 14:32

Updated-27 Feb, 2026 | 16:24

ckolivas lrzip stream.c ucompthread null pointer dereference

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor-ckolivas ckolivas

Product-lrzip lrzip

CWE ID-CWE-404

Improper Resource Shutdown or Release

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2025-15417

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.02% / 5.91%

7 Day CHG~0.00%

Published-01 Jan, 2026 | 23:02

Updated-23 Feb, 2026 | 09:16

Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service

A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue.

Vendor-open5gs n/a

Product-open5gs Open5GS

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2024-5198

Matching Score-4

Assigner-OpenVPN Inc.

View Details

Matching Score-4

Assigner-OpenVPN Inc.

CVSS Score-3.3||LOW

EPSS-0.10% / 27.01%

7 Day CHG+0.06%

Published-15 Jan, 2025 | 12:57

Updated-10 Jun, 2025 | 16:12

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.

Vendor-openvpn OpenVPN

Product-ovpn-dco-win ovpn-dco OpenVPN-GUI

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2024-6063

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.04% / 10.86%

7 Day CHG~0.00%

Published-17 Jun, 2024 | 20:31

Updated-25 Sep, 2024 | 16:01

GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.

Vendor-n/a GPAC

Product-gpac GPAC gpac

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2026-2903

Credits

skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs