CVE-2026-8484
Public on 2026-06-16
Modified on 2026-06-20
Description
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS).
All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.
All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | jansi | Not Affected | ||
| Amazon Linux 2023 | jansi | Pending Fix | ||
| Amazon Linux 2 - Core | jansi-native | Pending Fix | ||
| Amazon Linux 2023 | jansi-native | Pending Fix | ||
| Amazon Linux 2023 | jansi1 | Not Affected | ||
| Amazon Linux 2023 | javapackages-bootstrap | Not Affected | ||
| Amazon Linux 2023 | maven3.9 | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |