CVE-2026-2903

ADVISORY - nist

Summary

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-404⁠

Improper Resource Shutdown or Release

CWE-476⁠

NULL Pointer Dereference

Impacted images

Advisories

NIST

CREATED

13 hours ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-404⁠CWE-476⁠

CVSS SCORE

4.8medium

Debian

CREATED

2 hours ago

UPDATED

2 hours ago

ADVISORY IDCVE-2026-2903⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY