CVEFinder.io

CVE-2026-3904

🔶 medium

Description

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash.

The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository.

It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.

CVSS Score: 6.2 (Medium)
EPSS Score (Exploit Probability): 0.0
Published Date: 2026-03-11
First Seen: 2026-03-12
📊 Relative Risk Intelligence

This CVE is rated Lower Risk: it is more severe than 39.2% of all 329,456 vulnerabilities in the CVEFinder.io database (severity rank #200,263, below average severity).
🎯 CISA SSVC Assessment (updated Mar 11, 2026)

Exploitation Status: None (no known exploits)
Automatable: No (requires human interaction)
Technical Impact: Partial (limited system impact)
SSVC data provided by CISA

Last Modified: 2026-04-09
Source: NVD
CVSS Vector (3.1): CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
🔗 Related CVEs (6)

CVE ID         | Severity | CVSS | EPSS | Summary                                                                                                                    | Published
CVE-2026-6238  | medium   | 6.5  | 0.3  | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail t... | 2026-04-28
CVE-2026-5435  | high     | 7.3  | 0.1  | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforc... | 2026-04-28
CVE-2026-4046  | high     | 7.5  | 0.0  | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin... | 2026-03-30
CVE-2026-4437  | high     | 7.5  | 0.1  | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... | 2026-03-20
CVE-2026-4438  | medium   | 5.4  | 0.1  | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the... | 2026-03-20
CVE-2025-15281 | high     | 7.5  | 0.1  | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cau... | 2026-01-20
These CVEs affect the same products (the GNU C Library).