Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0589

NIXPKGS-2026-0589
published on
Permalink CVE-2026-26309
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 1 month, 2 weeks ago by @mweinelt Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @mweinelt ignored
    11 packages
    • opa-envoy-plugin
    • python312Packages.envoy-utils
    • python313Packages.envoy-utils
    • python314Packages.envoy-utils
    • python312Packages.envoy-reader
    • python313Packages.envoy-reader
    • python314Packages.envoy-reader
    • python313Packages.envoy-data-plane
    • python314Packages.envoy-data-plane
    • home-assistant-component-tests.enphase_envoy
    • tests.home-assistant-component-tests.enphase_envoy
    1 month, 2 weeks ago
  • @mweinelt accepted 1 month, 2 weeks ago
  • @mweinelt published on GitHub 1 month, 2 weeks ago
Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.

Affected products

envoy
  • ==>= 1.35.0, < 1.35.9
  • ==>= 1.37.0, < 1.37.1
  • ==< 1.34.13
  • ==>= 1.36.0, < 1.36.5

Matching in nixpkgs

Ignored packages (11)

Package maintainers

https://github.com/envoyproxy/envoy/security/advisories/GHSA-56cj-wgg3-x943