Integer Overflow or Wraparound

CVE-2026-45686

Low

0/10

Summary

A remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as `set`, `add`, `replace`, `append`, `prepend`, or `cas`, OBI accepts extremely large `<bytes>` values and adds the payload delimiter length without checking for overflow. A crafted request with `<bytes>` set to `math.MaxInt` or `math.MaxInt-1` causes the computed payload length to wrap negative and triggers a runtime panic in `LargeBufferReader.Peek`.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-190 - Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

Advisory

Advisory Timeline

Published Jun 02, 2026

Integer Overflow or Wraparound

CVE-2026-45686

Summary

CWE-190 - Integer Overflow or Wraparound

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS