Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-32849
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-18 May, 2026 | 17:42
Updated At-18 May, 2026 | 18:58
Rejected At-
▼CVE Numbering Authority (CNA)
NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len exceeds INT_MAX. A local attacker with access to /dev/crypto and a compression session type can exploit this vulnerability by providing a dst_len value exceeding INT_MAX to trigger a kernel panic through NULL pointer dereference when CONFIG_SVS is disabled and corrupted UIO pointer arithmetic.

Affected Products
Vendor
NetBSDNetBSD
Product
src
Repo
https://github.com/NetBSD/src
Default Status
affected
Versions
Affected
  • From 0 before ec8451efc1565516aba9e7047e1a1a1ce7953a2f (git)
Problem Types
TypeCWE IDDescription
CWECWE-190Integer Overflow or Wraparound
CWECWE-476NULL Pointer Dereference
Type: CWE
CWE ID: CWE-190
Description: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-476
Description: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.05.7MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
nasm
finder
VulnCheck
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nasm.re/posts/uaf_netbsd_crypto/
technical-description
exploit
https://github.com/NetBSD/src/commit/ec8451efc1565516aba9e7047e1a1a1ce7953a2f
patch
https://www.vulncheck.com/advisories/netbsd-signed-integer-overflow-in-cryptodev-op-via-cryptodev-c
third-party-advisory
Hyperlink: https://nasm.re/posts/uaf_netbsd_crypto/
Resource:
technical-description
exploit
Hyperlink: https://github.com/NetBSD/src/commit/ec8451efc1565516aba9e7047e1a1a1ce7953a2f
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/netbsd-signed-integer-overflow-in-cryptodev-op-via-cryptodev-c
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found