{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43958", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-05-04T18:07:21.843Z", "datePublished": "2026-06-01T17:34:17.226Z", "dateUpdated": "2026-06-02T15:36:26.259Z"}, "containers": {"cna": {"title": "Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rrdtool", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rrdtool", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rrdtool", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rrdtool", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rrdtool", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-43958", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460932", "name": "RHBZ#2460932", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-01T17:04:30.295Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow", "workarounds": [{"lang": "en", "value": "Restrict access to the `rrdcached` UNIX socket using filesystem permissions and group ownership to prevent untrusted local users from connecting. Avoid exposing `rrdcached` on TCP listeners unless strictly necessary, and ensure any such listeners are protected by network access controls. Additionally, run the `rrdcached` daemon as an unprivileged user and group using the `-U` and `-G` options to minimize impact in case of compromise. If `rrdcached` is restarted or reloaded, these configurations will be reapplied."}], "timeline": [{"lang": "en", "time": "2026-04-22T23:10:41.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-01T17:04:30.295Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-01T17:47:30.927Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T15:36:15.651344Z", "id": "CVE-2026-43958", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T15:36:26.259Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-43958", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-02T15:36:15.651344Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T15:36:22.102Z"}}], "cna": {"title": "Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "rrdtool", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "rrdtool", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "rrdtool", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "rrdtool", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "rrdtool", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-04-22T23:10:41.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-01T17:04:30.295Z", "value": "Made public."}], "datePublic": "2026-06-01T17:04:30.295Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-43958", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460932", "name": "RHBZ#2460932", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Restrict access to the `rrdcached` UNIX socket using filesystem permissions and group ownership to prevent untrusted local users from connecting. Avoid exposing `rrdcached` on TCP listeners unless strictly necessary, and ensure any such listeners are protected by network access controls. Additionally, run the `rrdcached` daemon as an unprivileged user and group using the `-U` and `-G` options to minimize impact in case of compromise. If `rrdcached` is restarted or reloaded, these configurations will be reapplied."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-01T17:47:30.927Z"}, "x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2026-43958", "state": "PUBLISHED", "dateUpdated": "2026-06-02T15:36:26.259Z", "dateReserved": "2026-05-04T18:07:21.843Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-06-01T17:34:17.226Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data."}], "id": "CVE-2026-43958", "lastModified": "2026-06-02T14:01:54.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-06-01T19:16:47.970", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-43958"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460932"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service", "id": "2460932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460932"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data."], "mitigation": {"lang": "en:us", "value": "Restrict access to the `rrdcached` UNIX socket using filesystem permissions and group ownership to prevent untrusted local users from connecting. Avoid exposing `rrdcached` on TCP listeners unless strictly necessary, and ensure any such listeners are protected by network access controls. Additionally, run the `rrdcached` daemon as an unprivileged user and group using the `-U` and `-G` options to minimize impact in case of compromise. If `rrdcached` is restarted or reloaded, these configurations will be reapplied."}, "name": "CVE-2026-43958", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rrdtool", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "rrdtool", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "rrdtool", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "rrdtool", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rrdtool", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-01T17:04:30Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43958\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43958"], "statement": "This stack buffer overflow in `rrdcached` allows a local attacker with socket access to cause a denial of service or potentially execute arbitrary code. The default configuration exposes `rrdcached` via a local UNIX socket, requiring local access and specific permissions for exploitation. Deployments exposing TCP listeners without proper access controls face a higher risk. The Red Hat Product Security team has rated this vulnerability as having a Moderate severity, this is due to the fact of the attack vector is local and the attacker needs permission to reach out to the UNIX socket in order to exploit this flaw.", "threat_severity": "Moderate"}

{"created": "2026-06-01T20:30:17.066699+00:00", "updated": "2026-06-01T20:30:17.066727+00:00", "vendors": []}