abseil.abseil-cpp is vulnerable to Integer Overflow
29
Low Risk
Affected versions of this package are vulnerable to heap buffer overflow due to integer overflow in hash container resizing logic. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. A very large size value could cause an integer overflow when computing the container’s backing store size, leading to out-of-bounds memory writes and subsequent potential out-of-bounds memory access during container operations. This could be abused to corrupt memory and cause crashes or other unpredictable behavior. The issue is fixed by adding proper bounds checking on size arguments in the affected methods.
You are affected if you are using a version that falls within the vulnerable range.
abseil.abseil-cpp is vulnerable to Integer Overflow in versions 20250127.0 - 20250127.1 and 20200225 - 20240722.1.
Upgrade the abseil.abseil-cpp library to a patched version.
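The overflow described above, shown as an added C++ example that is not Abseil's code: a simplified sizing model computes a hash table's backing store size with and without an upper bound on the requested slot count. The one-control-byte-per-slot layout, the function names and the sample values are assumptions made for illustration.

```cpp
// Added illustration: a simplified model of sizing a hash table's backing
// store. This is not Abseil's code; the layout and all names are assumptions.
#include <cstddef>
#include <cstdio>
#include <limits>

constexpr std::size_t kSizeMax = std::numeric_limits<std::size_t>::max();
// Assumed layout: one control byte per slot, followed by the slots themselves.
constexpr std::size_t kCtrlBytesPerSlot = 1;

// Unchecked: the arithmetic wraps modulo 2^N once it exceeds SIZE_MAX, so a
// huge request can yield a tiny allocation size.
std::size_t AllocSizeUnchecked(std::size_t slots, std::size_t slot_size) {
  return slots * kCtrlBytesPerSlot + slots * slot_size;
}

// Largest slot count whose backing store size is still representable.
std::size_t MaxSlots(std::size_t slot_size) {
  if (slot_size > kSizeMax - kCtrlBytesPerSlot) return 0;
  return kSizeMax / (kCtrlBytesPerSlot + slot_size);
}

// Checked: compare against the bound before doing any multiplication.
// Returns false and leaves *bytes untouched when the request is too large.
bool AllocSizeChecked(std::size_t slots, std::size_t slot_size,
                      std::size_t* bytes) {
  if (slots > MaxSlots(slot_size)) return false;
  *bytes = slots * (kCtrlBytesPerSlot + slot_size);
  return true;
}

int main() {
  const std::size_t slot_size = 15;            // constructed sample value
  const std::size_t huge = kSizeMax / 16 + 2;  // constructed oversized request
  std::size_t bytes = 0;
  std::printf("requested slots: %zu\n", huge);
  std::printf("unchecked bytes: %zu\n", AllocSizeUnchecked(huge, slot_size));
  std::printf("checked accepts: %s\n",
              AllocSizeChecked(huge, slot_size, &bytes) ? "yes" : "no");
  return 0;
}
```

In the unchecked path the container would record the huge slot count while the allocator receives only the wrapped byte count, which is the mismatch that leads to out-of-bounds writes.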