CVE-2026-43671: SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

June 12, 2026

A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases.

References

github.com/advisories/GHSA-r3rc-9hpw-54v9
github.com/apple/swift-nio/security/advisories/GHSA-r3rc-9hpw-54v9
nvd.nist.gov/vuln/detail/CVE-2026-43671

Detect and mitigate CVE-2026-43671 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →