Skip to main content

PulseAudio EUVDEUVD-2026-41007

| CVE-2026-14330 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-01 redhat GHSA-26rf-3h26-fc3w
5.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local socket access inherently requires an active user session (AV:L, PR:L); purely a DoS crash with no confidentiality or integrity impact (C:N/I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 14:59 vuln.today
CVE Published
Jul 01, 2026 - 14:09 cve.org
MEDIUM 5.5

DescriptionCVE.org

Multiple unbounded alloca() calls in the PulseAudio protocol server.

AnalysisAI

Stack exhaustion via multiple unbounded alloca() calls in the PulseAudio protocol server on Red Hat Enterprise Linux 8, 9, and 10 allows a local low-privileged attacker to crash the audio daemon, resulting in denial of service. The root cause (CWE-770) is the absence of size validation on attacker-controlled protocol parameters before passing them to alloca(), a stack-based allocator with no OS-enforced ceiling. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user session on target RHEL system
Delivery
Connect to PulseAudio Unix-domain protocol socket
Exploit
Send crafted protocol message with oversized allocation field
Execution
Trigger unbounded alloca() exhausting thread stack
Impact
PulseAudio daemon crashes, denying audio service

Vulnerability AssessmentAI

Exploitation Exploitation requires a local user session on the target RHEL system with the ability to connect to the PulseAudio protocol server socket (CVSS AV:L/PR:L confirmed). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5 Medium) accurately characterizes the constrained real-world risk: exploitation is strictly local, requires only a standard user session, and produces no confidentiality or integrity impact - only a crash of the audio daemon. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with a standard user account on a multi-user RHEL desktop system connects to the PulseAudio protocol socket and sends a crafted request containing an oversized length field. The daemon passes this unsanitized value to alloca(), instantly exhausting the thread's stack space, triggering a stack overflow that terminates the PulseAudio process and denies audio service to all active users. …
Remediation No exact patched PulseAudio package version is identified in the available references - patch availability and specific fix versions must be confirmed directly via the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-14330 and the Bugzilla report at https://bugzilla.redhat.com/show_bug.cgi?id=2495907; apply the vendor-released RPM update as soon as it becomes available via standard RHEL channels (yum/dnf update pulseaudio). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Not-Affected

Share

EUVD-2026-41007 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy