Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

...

UBUNTU-CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

In CVE-2026-39824, the issue is in golang.org/x/sys/windows: NewNTUnicodeString does not validate string length against the 16-bit NTUnicodeString size. This can cause an overflow and result in a truncated string instead of an error. Public references indicate the vulnerability affects Go-related...

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

GO-2026-5024 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...