CVE-2026-22188

Medium CVSS: 6.9

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.

Vendor

Cmu

Product

Panda3d

CWE

CWE-457

Yayın Tarihi

2026-01-07 21:16:02

Güncelleme

2026-01-12 18:00:28

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-457 Panda3d MEDIUM Cmu 2026

Referanslar

https://github.com/panda3d/panda3d https://seclists.org/fulldisclosure/2026/Jan/9 https://www.panda3d.org/ https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca

Benzer Kayıtlar

Medium

CVE-2026-22189

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use…

Medium

CVE-2026-22190

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (g…

High

CVE-2025-27092

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path…