Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-53432
PUBLISHED
More InfoOfficial Page
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
View Known Exploited Vulnerability (KEV) details
Published At-30 Jun, 2026 | 12:01
Updated At-30 Jun, 2026 | 15:58
Rejected At-
▼CVE Numbering Authority (CNA)
Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.

Affected Products
Vendor
fzf
Product
fzf
Repo
https://github.com/junegunn/fzf
Program Files
  • src/algo/algo.go
Program Routines
  • FuzzyMatchV2
Platforms
  • 32 bit
Default Status
unaffected
Versions
Affected
  • From 0 before 0.73.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190 Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
4.05.6MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Michał Majchrowicz (AFINE Team)
finder
Marcin Wyczechowski (AFINE Team)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.pl/en/posts/2026/06/CVE-2026-53432
third-party-advisory
https://github.com/junegunn/fzf
product
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
issue-tracking
Hyperlink: https://cert.pl/en/posts/2026/06/CVE-2026-53432
Resource:
third-party-advisory
Hyperlink: https://github.com/junegunn/fzf
Resource:
product
Hyperlink: https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found