Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-4897

Опубликовано: 26 мар. 2026
Источник: debian
EPSS Низкий

Описание

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
policykit-1unfixedpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2451739

  • Fixed by: https://github.com/polkit-org/polkit/commit/7e122c8a5120c2aae2d9d44a26796dc18f5b677c

  • Introduced with (part of the fixes for CVE-2015-4625):

  • https://github.com/polkit-org/polkit/commit/ea544ffc18405237ccd95d28d7f45afef49aca17 (0.113)

EPSS

Процентиль: 3%
0.00014
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-4897

CVSS3: 5.5
ubuntu
13 дней назад

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

redhat логотип

CVE-2026-4897

CVSS3: 5.5
redhat
13 дней назад

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

nvd логотип

CVE-2026-4897

CVSS3: 5.5
nvd
13 дней назад

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

msrc логотип

CVE-2026-4897

msrc
7 дней назад

Polkit: polkit: denial of service via unbounded input processing through standard input

github логотип

GHSA-v4jf-wwp4-588q

CVSS3: 5.5
github
13 дней назад

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

EPSS

Процентиль: 3%
0.00014
Низкий