What is GHSA-rf6w-j5hg-8rcv?

GHSA-rf6w-j5hg-8rcv is a security advisory published by GitHub Security Advisories with Medium severity. NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the...

Which CVE IDs does GHSA-rf6w-j5hg-8rcv cover?

GHSA-rf6w-j5hg-8rcv covers the following CVE IDs: CVE-2026-32849. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-rf6w-j5hg-8rcv?

GHSA-rf6w-j5hg-8rcv has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-rf6w-j5hg-8rcvMediumCVSS 5.5

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the...

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-32849 →

📋 Description

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len exceeds INT_MAX. A local attacker with access to /dev/crypto and a compression session type can exploit this vulnerability by providing a dst_len value exceeding INT_MAX to trigger a kernel panic through NULL pointer dereference when CONFIG_SVS is disabled and corrupted UIO pointer arithmetic.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-32849
https://github.com/NetBSD/src/commit/ec8451efc1565516aba9e7047e1a1a1ce7953a2f
https://nasm.re/posts/uaf_netbsd_crypto
https://www.vulncheck.com/advisories/netbsd-signed-integer-overflow-in-cryptodev-op-via-cryptodev-c
https://github.com/advisories/GHSA-rf6w-j5hg-8rcv