CVE-2026-39824

ADVISORY - debian

Summary

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

golang-golang-x-sys (Only affects golang.org/x/sys on Windows) https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg https://github.com/golang/go/issues/78916

EPSS Score⁠: 0.00018 (0.049)

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.