This issue was fixed in version 0.73.1.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Tue, 30 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 30 Jun 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1. | |
| Title | Integer Overflow in fzf | |
| Weaknesses | CWE-190 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-06-30T15:58:16.427Z
Reserved: 2026-06-09T11:41:37.126Z
Link: CVE-2026-53432
Updated: 2026-06-30T14:18:37.329Z
No data.
OpenCVE Enrichment
Updated: 2026-06-30T13:30:13Z