Skip to main content

fzf CVE-2026-53432

| EUVDEUVD-2026-40302 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-06-30 CERT-PL GHSA-rrf5-grxg-q8mm
5.6
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
5.6 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.7 MEDIUM

Local vector with high complexity (specific ~2.2 MB line + ~999-byte pattern threshold required); user interaction needed; impact limited to availability only.

3.1 AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 14:01 EUVD
Analysis Generated
Jun 30, 2026 - 12:51 vuln.today

DescriptionCVE.org

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic.

This issue was fixed in version 0.73.1.

AnalysisAI

Integer overflow in fzf's FuzzyMatchV2 function causes a non-recoverable process crash (denial of service) when input lines reach approximately 2,200,000 bytes and a search pattern of ~999 bytes is active. The Go runtime detects the resulting invalid slice bounds and immediately terminates the process with a panic - there is no recovery path and no possibility of memory corruption or code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Supply crafted ~2.2 MB input line to fzf pipeline
Delivery
User or script activates ~999-byte search pattern
Exploit
FuzzyMatchV2 overflows integer during slice-size computation
Execution
Go runtime detects invalid slice bounds
Persist
fzf process terminates with non-recoverable panic
Impact
Denial of service achieved

Vulnerability AssessmentAI

Exploitation Exploitation requires two simultaneous size conditions: the input line fed to fzf must be approximately 2,200,000 bytes or longer, and the active search pattern must be approximately 999 bytes in length. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N, score 5.6) accurately characterises the risk envelope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A user or automated script pipes a data source containing lines of approximately 2,200,000 bytes or more into fzf while searching with a pattern close to 999 bytes in length - for example, querying a very large log file or a corpus of minified source code. FuzzyMatchV2 overflows an integer during slice-bound computation, the Go runtime detects the invalid index, and fzf terminates immediately with a panic, disrupting the interactive session or causing a script that depends on fzf's exit status to fail unexpectedly. …
Remediation Upgrade fzf to version 0.73.1 or later, which contains the fix introduced in commit ccedd064ca56921a4235219516b3d834f60e7b91 at https://github.com/junegunn/fzf. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53432 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy