NIXPKGS-2026-0072

GitHub issue published on 21 Jan 2026

Permalink CVE-2025-15281

updated 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 1 day ago
@LeSuisse removed
24 packages
- getconf
- mtrace
- locale
- getent
- iconv
- libc
- libiconv
- glibcInfo
- glibc_multi
- glibc_memusage
- glibcLocales
- glibcLocalesUtf8
- unixtools.getent
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- unixtools.getconf
- unixtools.locale
3 weeks ago
@LeSuisse accepted 3 weeks ago
@LeSuisse published on GitHub 3 weeks ago

wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Affected products

glibc

=<2.42

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.40-66
- nixpkgs-unstable 2.40-66
- nixos-unstable-small 2.40-66
nixos-25.05 2.40-66
- nixos-25.05-small 2.40-66
- nixpkgs-25.05-darwin 2.40-66

Package maintainers

@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>

Upstream advisory: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2026-0003;h=b7a6e83a1096b20e50613581f6de148302752ff3;hb=HEAD

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0072

Affected products

Matching in nixpkgs

pkgs.glibc

Package maintainers