Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Red Hat Enterprise Linux (rrdcached): Schwachstelle ermöglicht Codeausführung und DoS

0
Medium
Published: 06/30/2026 (06/30/2026, 22:00:00 UTC)
Source: GCVE Database
Vendor/Project: Bundesamt für Sicherheit in der Informationstechnik
Product: Oracle

Description

A stack buffer overflow vulnerability exists in the rrdcached component of RRDtool on Red Hat Enterprise Linux 8 and 10. This flaw allows local attackers to escalate privileges or cause denial of service by providing unbounded DS/RRA arguments. Red Hat has released security updates addressing this issue in multiple architectures and product variants. The vulnerability is rated as having a moderate security impact by Red Hat Product Security.

Affected software

Affected versions
>=8.0.0 <=8.10>=10.0.0 <=10.2

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/03/2026, 23:11:15 UTC

Technical Analysis

CVE-2026-43958 is a stack buffer overflow vulnerability in the rrdcached handle_request_create() function of RRDtool, a utility used for storing and graphing time-series data. The flaw arises from unbounded DS/RRA arguments, enabling local privilege escalation or denial of service. Red Hat Enterprise Linux versions 8 and 10, across various architectures (x86_64, s390x, ppc64le, aarch64), are affected. Red Hat has issued security advisories RHSA-2026:33731 and RHSA-2026:34155 with updated packages that fix this vulnerability. The advisories provide detailed remediation instructions and package updates.

Potential Impact

Successful exploitation of this vulnerability allows a local attacker to execute code with elevated privileges or cause a denial of service condition on affected Red Hat Enterprise Linux systems. The impact is limited to local users and does not indicate remote exploitation capability. Red Hat rates the security impact as Moderate.

Mitigation Recommendations

Red Hat has released official security updates that fix this vulnerability in RRDtool for Red Hat Enterprise Linux 8 and 10. Users should apply the updates provided in advisories RHSA-2026:33731 and RHSA-2026:34155 promptly. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigation is required beyond applying the official patches.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_base
Csaf Version
2.0
Publisher
Bundesamt für Sicherheit in der Informationstechnik
Advisory Id
WID-SEC-W-2026-2141
Cve Count
1
Additional Cves
[]
Cvss Version
null

Threat ID: 6a483cc527e9c79719d83a85

Added to database: 07/03/2026, 22:50:45 UTC

Last enriched: 07/03/2026, 23:11:15 UTC

Last updated: 07/03/2026, 23:31:10 UTC

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses