Nixpkgs security tracker
NIXPKGS-2026-0210
GitHub issue
published on
Permalink
CVE-2026-2242
3.3 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Official Fix (O)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
6 packages
- vscode-extensions.janet-lang.vscode-janet
- tree-sitter-grammars.tree-sitter-janet-simple
- vimPlugins.nvim-treesitter-parsers.janet_simple
- python312Packages.tree-sitter-grammars.tree-sitter-janet-simple
- python313Packages.tree-sitter-grammars.tree-sitter-janet-simple
- python314Packages.tree-sitter-grammars.tree-sitter-janet-simple
- @LeSuisse accepted
- @LeSuisse published on GitHub
janet-lang janet specials.c janetc_if out-of-bounds
A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.
References
-
-
-
Submit #754495 | janet-lang janet 2fabc80 Heap-based Buffer Overflow third-party-advisory
-
https://github.com/janet-lang/janet/issues/1700 issue-tracking
-
https://github.com/janet-lang/janet/issues/1702 issue-tracking
Affected products
janet
- ==1.40.0
- ==1.40.1
Matching in nixpkgs
Ignored packages (6)
pkgs.vscode-extensions.janet-lang.vscode-janet
Janet language support for Visual Studio Code
-
nixos-unstable 0.0.7-unstable-2025-05-19
- nixpkgs-unstable 0.0.7-unstable-2025-05-19
- nixos-unstable-small 0.0.7-unstable-2025-05-19
-
nixos-unstable 0.0.0+rev=7e28cbf
- nixpkgs-unstable 0.0.0+rev=7e28cbf
- nixos-unstable-small 0.0.0+rev=7e28cbf
pkgs.python312Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
-
nixos-unstable 0.0.7+unstable20250519
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
-
nixos-unstable 0.0.7+unstable20250519
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519
Package maintainers
-
@andrewchambers Andrew Chambers <ac@acha.ninja>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>