HIGHCVE-2026-5190Published 2026-03-31Modified 2026-04-01CNA AMZN

CVE-2026-5190: AWS C Event Stream Streaming Decoder Stack Buffer Overflow

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later.

CVSS v4.0: 7.7
Severity: HIGH
Fixed in: 0.6.0
Affected Products: 1

Fix available

0.6.0

Patch commits

github.com

Affected packages

AWS / aws-c-event-stream
Fixed in 0.6.0

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

aws.amazon.com
github.com
github.com

Metrics

Fix available