CVE-2026-22188
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
The deploy-stub component in Panda3D up to version 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The alloca() function allocates memory for argv_copy and argv_copy2 based on attacker-controlled argc without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, causing a reliable crash and undefined behavior.
Risk Assessment
The risk is the ability to remotely or locally crash the Panda3D application by sending maliciously crafted arguments, leading to service disruption and potential system instability.
Recommendation
Immediately update Panda3D to a version later than 1.10.16 that includes a fix limiting stack allocation. If an update is not possible, restrict access to the application and filter command-line argument length.
Original NVD description (English source)
The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior.

