Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2019-25572

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 9 hours ago

NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

References

Official Product Homepage product
Product Reference product
VulnCheck Advisory: NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow third-party-advisory
ExploitDB-46343 exploit

Affected products

NordVPN

==6.19.6

Matching in nixpkgs

pkgs.gnomeExtensions.gnordvpn-local

A Gnome extension that shows the NordVPN status in the top bar and provides the ability to configure certain aspects of the connection.

nixos-unstable 31
- nixpkgs-unstable 31
- nixos-unstable-small 31
nixos-25.11 30
- nixos-25.11-small 30
- nixpkgs-25.11-darwin 30

pkgs.gnomeExtensions.nordvpn-quick-toggle

GNOME extension that shows a quick toggle to connect/disconnect NordVPN.

nixos-unstable 13
- nixpkgs-unstable 13
- nixos-unstable-small 13
nixos-25.11 13
- nixos-25.11-small 13
- nixpkgs-25.11-darwin 13

Package maintainers

@honnip Jung seungwoo <me@honnip.page>