CRITICAL🇵🇱 Wersja polska

CVE-2026-24814

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-04-15

Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2.

🤖 AI Analysis
How it works

The vulnerability is an integer overflow (integer overflow or wraparound) in the code handling dynamic strings (SDS — Simple Dynamic Strings) in the hiredis module included with swoole-src. Improperly handled arithmetic operations on integer values can result in allocation of a buffer that is too small, opening the way to further memory overwrites. The attack vector is network-based, requires no authentication or user interaction.

Impact

An attacker can remotely, without authentication, cause memory corruption in the process, which may consequently enable arbitrary code execution (RCE), disclosure of sensitive data, or service unavailability. High impact on confidentiality, integrity, and availability affects both the direct component and related systems.

Mitigation & patch

swoole-src should be updated to version 6.0.2 or newer. Patch details are available in the vendor reference: https://github.com/swoole/swoole-src/pull/5698

Who is affected

swoole-src in versions prior to 6.0.2 (thirdparty/hiredis component, sds.c file)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References