Skip to main content

CVE-2026-1484

MEDIUM
Out-of-bounds Write (CWE-787)
2026-01-27 secalert@redhat.com
4.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.2 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
SUSE
MEDIUM
qualitative
Red Hat
4.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 14:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Jan 27, 2026 - 14:15 nvd
MEDIUM 4.2

DescriptionCVE.org

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

AnalysisAI

GLib's Base64 encoder miscalculates buffer boundaries when handling extremely large inputs due to integer type misuse, potentially causing out-of-bounds memory writes. Applications processing untrusted large Base64 data could experience crashes or unpredictable behavior, though code execution is not indicated by the vector constraints. No patch is currently available for this medium-severity vulnerability.

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Affected ProductsAI

the GLib Base64 encoding routine when processing very large input data

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.2.8.15.2 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image proxy-httpd-image Image server-image Affected
Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/server-attestation:latest Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Image proxy-salt-broker-image Image server-hub-xmlrpc-api-image Image server-saline-image Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.125 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.94 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.112 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.126 Image SL-Micro Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.67 Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.57 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.78 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.80 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.71 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-1484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy