SB2026053102 - Fedora 44 update for tailscale
Published: May 31, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Integer underflow (CVE-ID: CVE-2026-34165)
CWE-ID: CWE-191 - Integer underflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to integer underflow in .idx file processing when parsing a crafted .idx file. A local user can create or alter an .idx file in the local repository's .git directory to cause a denial of service.
User interaction is required.
2) Improper Validation of Array Index (CVE-ID: CVE-2026-33762)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper validation of array index in the index decoder for format version 4 when parsing a crafted .git/index file. A local user can supply a specially crafted .git/index file to cause a denial of service.
User interaction is required during normal index parsing, and the issue can result in process termination if the application does not recover from panics.
Remediation
Install update from vendor's website.