CVE-2026-41257: Signed Int Overflow Realloc Offset
greprules fetch cve-2026-41257-signed-int-overflow-realloc-offset --engine opengrep
Description
A signed integer is used to compute memory size via multiplication, passed to an allocation function, and then used to calculate memory offsets. When the multiplication overflows, the signed integer becomes negative. This causes out-of-bounds pointer arithmetic during memory operations, leading to arbitrary memory modification. Use `size_t` for size tracking.
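The pattern described above, shown in a comment beside a `size_t` version with explicit overflow checks. This is an added example, not code from the rule or from the affected project; `recbuf` and `recbuf_append` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array of fixed-size records (illustrative names). */
struct recbuf {
    unsigned char *data;
    size_t count;      /* records in use */
    size_t rec_size;   /* bytes per record */
};

/* Flagged pattern, with count and rec_size declared as int:
 *
 *     int off = count * rec_size;            // may overflow, goes negative
 *     data = realloc(data, off + rec_size);  // wrong allocation size
 *     memcpy(data + off, rec, rec_size);     // pointer lands outside block
 *
 * Signed overflow is undefined behaviour, so it is shown here only as a
 * comment and never executed.
 */

/* Hardened form: size_t arithmetic, every product and sum checked first.
 * Returns 0 on success, -1 if the size would overflow or allocation fails;
 * on failure the buffer is left unchanged. */
int recbuf_append(struct recbuf *b, const void *rec)
{
    size_t off, new_size;
    unsigned char *p;

    if (b->rec_size == 0 || b->count > SIZE_MAX / b->rec_size)
        return -1;                       /* count * rec_size would wrap */
    off = b->count * b->rec_size;
    if (off > SIZE_MAX - b->rec_size)
        return -1;                       /* off + rec_size would wrap */
    new_size = off + b->rec_size;

    p = realloc(b->data, new_size);
    if (p == NULL)
        return -1;                       /* old block is still valid */
    memcpy(p + off, rec, b->rec_size);   /* off + rec_size <= new_size */
    b->data = p;
    b->count++;
    return 0;
}
```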