Nixpkgs security tracker

Dismissed

Permalink CVE-2025-0395

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored
24 packages
- libc
- iconv
- getent
- locale
- mtrace
- getconf
- libiconv
- glibcInfo
- glibc_multi
- glibcLocales
- glibc_memusage
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
- minimal-bootstrap.glibc
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
3 months, 1 week ago
@LeSuisse deleted
10 maintainers
- @ConnorBaker
- @siraben
- @Ma27
- @06kellyjac
- @Artturin
- @pyrox0
- @Gskartwii
- @Ericson2314
- @emilytrau
- @alejandrosame
3 months, 1 week ago maintainer.delete
@LeSuisse dismissed 3 months, 1 week ago

When the assert() function in the GNU C Library versions …

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

References

Affected products

glibc

=<2.40

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

Ignored packages (24)

pkgs.libc

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.iconv

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.getent

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.locale

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.getconf

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.libiconv

None

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42
nixos-25.11 2.40
- nixos-25.11-small 2.40
- nixpkgs-25.11-darwin 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibc_multi

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.getent

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.locale

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.unixtools.getconf

None

nixos-unstable 2.42-47
- nixpkgs-unstable 2.42-47
- nixos-unstable-small 2.42-47
nixos-25.11 2.40-66
- nixos-25.11-small 2.40-66
- nixpkgs-25.11-darwin 2.40-66

pkgs.minimal-bootstrap.glibc

The GNU C Library

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

Ignored maintainers (2)

@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>

Current stable branch never impacted (https://github.com/NixOS/nixpkgs/pull/376209)

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.glibc

pkgs.libc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

pkgs.minimal-bootstrap.glibc

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

Package maintainers