Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-3257

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 weeks, 1 day ago by @mweinelt Activity log

Created automatic suggestion 2 weeks, 3 days ago
@mweinelt removed package unqlite 2 weeks, 1 day ago
@mweinelt dismissed 2 weeks, 1 day ago

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.

References

https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes release-notes
https://www.cve.org/CVERecord?id=CVE-2025-3791 vdb-entry vendor-advisory related
https://unqlite.symisc.net/

Affected products

UnQLite

=<0.06

Ignored packages (1)

pkgs.unqlite

Self-contained, serverless, zero-conf, transactional NoSQL DB library

nixos-unstable 1.1.9
- nixpkgs-unstable 1.1.9
- nixos-unstable-small 1.1.9
nixos-25.11 1.1.9
- nixos-25.11-small 1.1.9
- nixpkgs-25.11-darwin 1.1.9

Not in nixpkgs

Suggestion detail

References

Affected products

pkgs.unqlite