Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0013

NIXPKGS-2026-0013
published on 16 Jan 2026
Permalink CVE-2026-0861
updated 3 weeks, 5 days ago by @LeSuisse Activity log
  • Created automatic suggestion 3 weeks, 6 days ago
  • @LeSuisse removed
    21 packages
    • tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
    • tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
    • tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
    • tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
    • tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
    • tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
    • tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
    • glibcLocalesUtf8
    • unixtools.getent
    • unixtools.locale
    • unixtools.getconf
    • getent
    • locale
    • iconv
    • mtrace
    • getconf
    • libiconv
    • glibcInfo
    • glibcLocales
    3 weeks, 5 days ago
  • @LeSuisse accepted 3 weeks, 5 days ago
  • @LeSuisse published on GitHub 3 weeks, 5 days ago
Integer overflow in memalign leads to heap corruption

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

Affected products

glibc
  • =<2.42

Matching in nixpkgs

Package maintainers

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001