GNU libc Denial of Service Vulnerability
Summary
CERT-Bund issued advisory WID-SEC-2026-0918 warning of a denial of service vulnerability in GNU libc versions up to 2.43 (CVSS 7.5). The vulnerability allows remote anonymous attackers to cause service disruption. Mitigation measures are available.
What changed
The vulnerability affects GNU libc, a core C library used in Linux and other UNIX systems, with versions up to and including 2.43 vulnerable. Remote attackers can exploit this to perform denial of service attacks. Organizations using affected versions should immediately identify vulnerable systems, apply available patches or mitigations, and monitor for exploitation attempts.
Organizations should audit their systems to determine if GNU libc versions 2.43 or earlier are present, apply vendor-released patches or workarounds, and implement intrusion detection monitoring to identify potential exploitation attempts.
What to do next
- Identify systems running GNU libc <=2.43
- Apply patches or mitigations
- Monitor for exploitation attempts
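A version check for the first step above, as an added example that is not part of the advisory: it classifies the string printed by `getconf GNU_LIBC_VERSION` against the advisory's `<=2.43` bound. The helper name `classify_glibc` is an assumption of this example. Distributions backport fixes without changing the upstream version number, so an in-range result means the vendor's own advisory still has to be checked.

```shell
# Added example (not from the advisory). Upper bound taken from the advisory text.
MAX_AFFECTED="2.43"

# classify_glibc "<output of getconf GNU_LIBC_VERSION>"   (hypothetical helper name)
# Prints in-range, out-of-range or unknown. Only major.minor are compared, and
# numerically, so 2.9 sorts below 2.43 (a plain string comparison gets that wrong).
classify_glibc() {
    ver=${1#glibc }                      # "glibc 2.39" -> "2.39"
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;   # empty, non-numeric, malformed
        *.*) ;;                                              # has major.minor
        *) echo unknown; return 0 ;;                         # no minor field
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    max_major=${MAX_AFFECTED%%.*}
    max_minor=${MAX_AFFECTED#*.}
    if [ "$major" -lt "$max_major" ] ||
       { [ "$major" -eq "$max_major" ] && [ "$minor" -le "$max_minor" ]; }; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Local host: on systems without glibc (e.g. musl-based) no glibc version is
# returned, which classifies as "unknown" rather than as safe.
local_out=$(getconf GNU_LIBC_VERSION 2>/dev/null || true)
echo "$(uname -n): ${local_out:-no glibc reported} -> $(classify_glibc "$local_out")"
```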
Source document (simplified)
[WID-SEC-2026-0918] GNU libc: Vulnerability allows denial of service
CVSS Base Score: 7.5 (high)
CVSS Temporal Score: 6.7 (medium)
Remote attack: yes
Date: 30.03.2026
Last updated: 31.03.2026
Mitigation: yes
Affected systems
Operating system
- UNIX
Product description
GNU libc is the base C library on Linux and other Unix operating systems; it provides the system calls and basic functionality.
Products
30.03.2026
- Open Source GNU libc <=2.43
Attack
A remote, anonymous attacker can exploit a vulnerability in GNU libc to carry out a denial of service attack.