Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8423-1 | lwIP vulnerabilities |
Sat, 23 May 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Lwip
Lwip lwip |
|
| CPEs | cpe:2.3:a:lwip:lwip:*:*:*:*:*:*:*:* | |
| Vendors & Products |
N
N lwip |
Lwip
Lwip lwip |
Tue, 19 May 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Lwip-tcpip
Lwip-tcpip lwip |
|
| Vendors & Products |
Lwip-tcpip
Lwip-tcpip lwip |
Mon, 18 May 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 18 May 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue. | |
| Title | lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow | |
| First Time appeared |
N
N lwip |
|
| Weaknesses | CWE-119 CWE-121 |
|
| CPEs | cpe:2.3:a:n:lwip:*:*:*:*:*:*:*:* | |
| Vendors & Products |
N
N lwip |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-05-23T08:54:18.787Z
Reserved: 2026-05-18T14:20:09.110Z
Link: CVE-2026-8836
Updated: 2026-05-18T19:20:17.080Z
Status : Deferred
Published: 2026-05-18T19:16:28.533
Modified: 2026-06-17T11:04:30.400
Link: CVE-2026-8836
No data.
OpenCVE Enrichment
Updated: 2026-05-19T08:18:45Z
Ubuntu USN