CVE-2026-10646 | zephyrproject zephyr up to 4.4.x getaddrinfo.c getaddrinfo ai_arr[] use after free (GHSA-h752-vhmf-29w6)

Inserito da Angelo Barbosa | Giu 28, 2026 | CVE

A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x. The impacted element is the function getaddrinfo of the file subsys/net/lib/sockets/getaddrinfo.c. The manipulation of the argument ai_arr[] leads to use after free.

This vulnerability is listed as CVE-2026-10646. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-10646 | zephyrproject zephyr up to 4.4.x getaddrinfo.c getaddrinfo ai_arr[] use after free (GHSA-h752-vhmf-29w6)

Post correlati

CVE-2024-46959 | Runofast Indoor Security Camera for Baby Monitor Audio Stream /stream1 default password

CVE-2024-12037 | svenl77 Post Form Plugin up to 2.8.13 on WordPress bf_new_submission_link cross site scripting

CVE-2017-11076 | Qualcomm Snapdragon Automobile up to _High_Med_2016 VP9 Decoding out-of-range pointer offset

CVE-2025-6271 | swftools up to 0.9.2 wav2swf lib/wav.c wav_convert2mono out-of-bounds (Issue 239)