MNBSD-2026-4: Heap overflow in libnv

Severity: Unknown

Affected Package: libnv

Summary: Heap overflow in libnv

Description

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.

Affected Versions

libnv

Recommendations

No specific recommendations provided.

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-26:17.libnv.asc
https://www.cve.org/CVERecord?id=CVE-2026-35547

Additional Information

Aliases: CVE-2026-35547

Published: April 29, 2026
Last Modified: April 29, 2026