Ghostwire
Home / Vulnerabilities / CVE-2026-3298

CVE-2026-3298: The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the...

UNKNOWN CVSS 0.0 Exploit Available 1 PoC

Published: April 21, 2026 | Last Modified: April 21, 2026

Description

The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

Security Coverage (14 articles)

CVE Feed
CVE-2026-3298 - Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
 CVE Feed
CVE-2026-32988 - OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation
 Tenable CVEs
CVE-2026-32988
 Tenable CVEs
CVE-2026-32982
 CVE Feed
CVE-2026-32982 - OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs
 Tenable CVEs
CVE-2026-32980
 CVE Feed
CVE-2026-32980 - OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request
 CVE Feed
CVE-2026-32987 - OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing
 Tenable CVEs
CVE-2026-32987
 Tenable CVEs
CVE-2026-32984
 Tenable CVEs
CVE-2026-32983
 Tenable CVEs
CVE-2026-32986
 Tenable CVEs
CVE-2026-32989
 Tenable CVEs
CVE-2026-32981

References