EUVD-2026-35727
Incorrect Calculation of Buffer Size (CWE-131)
GHSA-3pg4-4j29-q4rr
Medium
Disputed · 5.7 Vendor: microsoft
Temporal: 5.0
Share
Severity by source
Sources disagree (Medium–Critical)
Vendor (microsoft)
PRIMARY
5.7
MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ENISA EUVD
CRITICAL
qualitative
CIRCL (temporal)
5.0
MEDIUM
cvss
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Lifecycle Timeline
2
Analysis Generated
Jun 09, 2026 - 19:53 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 5.7
DescriptionCVE.org
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
AnalysisAI
Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Gain authenticated access on adjacent network segment
Delivery
Identify unpatched Windows target sharing same VLAN or subnet
Exploit
Craft malformed TCP/IP packet triggering buffer size miscalculation
Execution
Deliver packet to target TCP/IP stack
Persist
Corrupt kernel memory in networking subsystem
Impact
Crash TCP/IP stack, denying network service to host
Access
Gain authenticated access on adjacent network segment
Delivery
Identify unpatched Windows target sharing same VLAN or subnet
Exploit
Craft malformed TCP/IP packet triggering buffer size miscalculation
Execution
Deliver packet to target TCP/IP stack
Persist
Corrupt kernel memory in networking subsystem
Impact
Crash TCP/IP stack, denying network service to host
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold low-level authenticated access (PR:L per CVSS vector - e.g., a domain user, local account, or authenticated network peer) and to be positioned on the same adjacent network segment as the target (AV:A per CVSS vector - same broadcast domain, VLAN, or directly attached subnet). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.7 (Medium) accurately reflects a meaningfully constrained attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user - such as a malicious insider, a compromised endpoint on the same corporate VLAN, or a rogue device on a shared cloud tenant subnet - sends a specially crafted TCP/IP packet to a vulnerable Windows host on the same network segment, triggering an incorrect buffer size calculation in the kernel-mode TCP/IP stack. The miscalculation causes a memory error that crashes the networking subsystem, resulting in loss of network connectivity or a system crash on the targeted host. … |
| Remediation | Apply the Microsoft-released patch via Windows Update, Windows Server Update Services (WSUS), or Microsoft Update Catalog targeting the following fixed builds: Windows Server 2022 build 10.0.20348.5256 or later; Windows 10 21H2 build 10.0.19044.7417 or later; Windows 10 22H2 build 10.0.19045.7417 or later; Windows 11 23H2 build 10.0.22631.7219 or later; Windows 11 24H2 build 10.0.26100.8655 or later; Windows Server 2025 and Server 2025 Core build 10.0.26100.32995 or later; Windows 11 25H2 build 10.0.26200.8655 or later; Windows 11 26H1 build 10.0.28000.2269 or later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).