Description

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.

INFO

Published Date :

2026-01-07T20:26:13.360Z

Last Modified :

2026-01-07T21:23:15.544Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22188 vulnerability.

Vendors Products
Cmu
  • Panda3d
Panda3d
  • Panda3d
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22188.

URL Resource
https://github.com/panda3d/panda3d cve-icon cve-icon
https://seclists.org/fulldisclosure/2026/Jan/9 cve-icon cve-icon
https://www.panda3d.org/ cve-icon cve-icon
https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact