CVE-2026-8484 | A heap buffer overflow vulnerability exists in the Jansi JNI… | CVSS 4.8 MEDIUM

Description

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.

Metadata

CVE ID: CVE-2026-8484
State: PUBLISHED
Assigner: CERT-PL
Reserved: 2026-05-13 14:47 UTC
Published: 2026-06-16 10:32 UTC
Last updated: 2026-06-16 12:15 UTC
Primary CWE: CWE-122
CWE-122 Heap-based Buffer Overflow
Vendor / Product: FuseSource / jansi
Sources: cve.org · NVD

Severity & Metrics

4.8 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
FuseSource	jansi	—	0 ≤ 2.4.3

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	CWE-122 Heap-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (2)