CVE-2026-39461 - High Severity Vulnerability
Vulnerable Libraries - src4.0.4, src4.0.4, src4.0.4
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (2)
/lib/libcasper/libcasper/libcasper_service.c
/lib/libcasper/libcasper/libcasper_impl.h
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (2)
/lib/libcasper/libcasper/libcasper_service.c
/lib/libcasper/libcasper/libcasper_impl.h
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (2)
/lib/libcasper/libcasper/libcasper_service.c
/lib/libcasper/libcasper/libcasper_impl.h
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
Vulnerability Details
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
Publish Date: 2026-05-21
URL: CVE-2026-39461
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-05-21
Fix Resolution: https://github.com/freebsd/freebsd-src.git - release/14.4.0-p6,https://github.com/freebsd/freebsd-src.git - release/14.3.0-p15,https://github.com/freebsd/freebsd-src.git - release/15.0.0-p10
Step up your Open Source Security Game with Mend here
CVE-2026-39461 - High Severity Vulnerability
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
Publish Date: 2026-05-21
URL: CVE-2026-39461
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2026-05-21
Fix Resolution: https://github.com/freebsd/freebsd-src.git - release/14.4.0-p6,https://github.com/freebsd/freebsd-src.git - release/14.3.0-p15,https://github.com/freebsd/freebsd-src.git - release/15.0.0-p10
Step up your Open Source Security Game with Mend here