CVE-2026-43958

NameCVE-2026-43958
DescriptionA flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1140106

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rrdtool (PTS)bullseye1.7.2-3vulnerable
bookworm1.7.2-4vulnerable
trixie1.7.2-4.2vulnerable
forky, sid1.9.0-2.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rrdtoolsource(unstable)(unfixed)1140106

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2460932
Search for package or bug name: Reporting problems