CVE-2026-4010
ThakeeNathees pocketlang pkByteBufferAddString memory corruption
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results in memory corruption. The attack requires a local approach. The exploit has been made public and could be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-119 |
| Vendor | thakeenathees |
| Product | pocketlang |
| Published | Mar 12, 2026 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for thakeenathees pocketlang
Be the first to know when new low vulnerabilities affecting thakeenathees pocketlang are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ThakeeNathees / pocketlang
cc73ca61b113d48ee130d837a7a8b145e41de5ce
References
vuldb.com: https://vuldb.com/?id.350533 vuldb.com: https://vuldb.com/?ctiid.350533 vuldb.com: https://vuldb.com/?submit.769773 github.com: https://github.com/ThakeeNathees/pocketlang/issues/302 github.com: https://github.com/oneafter/0211/blob/main/po/repro github.com: https://github.com/ThakeeNathees/pocketlang/
Credits
๐ Oneafter (VulDB User)