{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-0708","assignerOrgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","state":"PUBLISHED","assignerShortName":"fedora","dateReserved":"2026-01-08T03:31:35.226Z","datePublished":"2026-03-17T02:28:08.429Z","dateUpdated":"2026-03-17T13:26:47.057Z"},"containers":{"cna":{"title":"Libucl: libucl: denial of service via embedded null byte in ucl input","descriptions":[{"lang":"en","value":"A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system."}],"affected":[{"vendor":"libucl","product":"libucl","versions":[{"status":"affected","version":"3e7f023e184e06f30fb5792dacd9dd0f8b692f1b","versionType":"git"}],"packageName":"libucl","collectionURL":"https://github.com/vstakhov/libucl","defaultStatus":"unknown"}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-0708","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427770","name":"RHBZ#2427770","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/vstakhov/libucl/issues/323"}],"metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H","version":"3.1"},"format":"CVSS"}],"datePublic":"2025-05-15T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"Out-of-bounds Read","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-125: Out-of-bounds Read","workarounds":[{"lang":"en","value":"To mitigate this issue, applications utilizing `libucl` should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in `UCL_PARSER_ZEROCOPY` mode. Restricting input to trusted sources can reduce exposure."}],"timeline":[{"lang":"en","time":"2026-01-08T03:30:46.275Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-05-15T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","shortName":"fedora","dateUpdated":"2026-03-17T11:38:51.414Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"references":[{"url":"https://github.com/vstakhov/libucl/issues/323","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-17T13:26:43.148913Z","id":"CVE-2026-0708","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-17T13:26:47.057Z"}}]}}