Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-0395

updated 6 days, 23 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 week ago
@LeSuisse removed
24 packages
- libc
- iconv
- getent
- locale
- mtrace
- getconf
- libiconv
- glibcInfo
- glibc_multi
- glibcLocales
- glibc_memusage
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
- minimal-bootstrap.glibc
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
6 days, 23 hours ago
@LeSuisse removed
10 maintainers
- @ConnorBaker
- @siraben
- @Ma27
- @06kellyjac
- @Artturin
- @pyrox0
- @Gskartwii
- @Ericson2314
- @emilytrau
- @alejandrosame
6 days, 23 hours ago
@LeSuisse dismissed 6 days, 23 hours ago

When the assert() function in the GNU C Library versions …

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Affected products

glibc

=<2.40

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

Ignored packages (24)

pkgs.libc

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.iconv

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.getent

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.locale

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.getconf

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.libiconv

None

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42
nixos-25.11 2.40
- nixos-25.11-small 2.40
- nixpkgs-25.11-darwin 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibc_multi

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.getent

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.locale

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.getconf

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.minimal-bootstrap.glibc

The GNU C Library

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

Ignored maintainers (10)

@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@Artturin Artturi N <artturin@artturin.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>

Current stable branch never impacted (https://github.com/NixOS/nixpkgs/pull/376209)

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.glibc

pkgs.libc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

pkgs.minimal-bootstrap.glibc

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

Package maintainers