Skip to main content

Pardus Pen CVE-2026-12386

| EUVDEUVD-2026-41764 LOW
Improper Null Termination (CWE-170)
2026-07-05 TR-CERT GHSA-hmmj-28g4-h22x
3.9
CVSS 3.1 · Vendor: TR-CERT

Severity by source

Vendor (TR-CERT) PRIMARY
3.9 LOW
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
vuln.today AI
3.9 LOW

Local vector confirmed by description; low privilege and required user interaction match overflow trigger; no integrity impact applies; scope unchanged per application boundary.

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

2
Patch available
Jul 05, 2026 - 16:01 EUVD
Analysis Generated
Jul 05, 2026 - 15:26 vuln.today

DescriptionCVE.org

Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.

This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.

AnalysisAI

Buffer overflow via improper null termination in Pardus Pen affects versions up to and including 4.1.5, with a fix available in 4.2.1. A local, low-privileged user who interacts with crafted input can trigger a CWE-170 null termination error causing out-of-bounds memory reads, resulting in limited confidentiality exposure and availability disruption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege session
Delivery
Craft malformed null-unterminated input
Exploit
Submit input to Pardus Pen
Execution
Trigger CWE-170 buffer overflow
Impact
Read adjacent memory or crash application

Vulnerability AssessmentAI

Exploitation Exploitation requires a local session on the target system (AV:L) with at least low-privileged account access (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The overall real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user on a Pardus Linux system with Pardus Pen installed crafts a malformed input - such as a file or data stream lacking proper null termination - and triggers its processing through normal application interaction. The null termination error causes a buffer overflow, potentially leaking a small amount of adjacent memory content and crashing the application. …
Remediation Upgrade Pardus Pen to version 4.2.1 or later, which resolves the improper null termination flaw. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy