Denial of Service via stack-based buffer overflow in StringMap::insert
Summary
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the `llvm::StringMap::insert` function. This manipulation could lead to a denial of service, making the affected system or application unavailable. This flaw has a Low impact as it requires a local attacker to exploit a stack-based buffer overflow in the `llvm::StringMap::insert` function. Successful exploitation could lead to a denial of service, affecting the availability of systems utilizing the vulnerable LLVM component. The vulnerability is limited to local access, reducing its overall risk in typical Red Hat deployments. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-120. Fixed by RHSA-2026:24069, RHSA-2026:7634 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
- llvm21-main-21.1.8-6.hum1
- llvm-main-21.1.8-1.1.hum1
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- llvm21-main-21.1.8-6.hum1
- llvm-main-21.1.8-1.1.hum1
- RHSA-2026:24069
- RHSA-2026:7634
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.