Nixpkgs security tracker
3.8 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Physical (P)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @mweinelt Activity log
- Created suggestion
-
@mweinelt
ignored
12 packages
- python313Packages.tree-sitter-grammars.tree-sitter-openscad
- python314Packages.tree-sitter-grammars.tree-sitter-openscad
- openscad
- openscap
- openscreen
- openscad-lsp
- openscenegraph
- openscad-unstable
- opensc
- tree-sitter-grammars.tree-sitter-openscad
- vscode-extensions.antyos.openscad
- kakounePlugins.openscad-kak
- @mweinelt restored package opensc
- @mweinelt accepted
- @mweinelt published on GitHub
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
References
-
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4 x_refsource_CONFIRM
-
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010 x_refsource_MISC
Affected products
- ==< 0.27.0
Matching in nixpkgs
Ignored packages (11)
pkgs.openscad
3D parametric model compiler
pkgs.openscap
NIST Certified SCAP 1.2 toolkit
pkgs.openscreen
Free, open-source alternative to Screen Studio (sort of)
pkgs.openscad-lsp
LSP (Language Server Protocol) server for OpenSCAD
pkgs.openscenegraph
3D graphics toolkit
pkgs.openscad-unstable
3D parametric model compiler (unstable)
-
nixos-unstable 2021.01-unstable-2026-02-25
- nixpkgs-unstable 2021.01-unstable-2026-02-25
- nixos-unstable-small 2021.01-unstable-2026-02-25
-
nixos-25.11 2021.01-unstable-2025-10-27
- nixos-25.11-small 2021.01-unstable-2025-10-27
- nixpkgs-25.11-darwin 2021.01-unstable-2025-10-27
pkgs.kakounePlugins.openscad-kak
None
-
nixos-unstable 2020-12-10
- nixpkgs-unstable 2020-12-10
- nixos-unstable-small 2020-12-10
-
nixos-25.11 2020-12-10
- nixos-25.11-small 2020-12-10
- nixpkgs-25.11-darwin 2020-12-10
pkgs.vscode-extensions.antyos.openscad
OpenSCAD highlighting, snippets, and more for VSCode
pkgs.tree-sitter-grammars.tree-sitter-openscad
Tree-sitter grammar for openscad
-
nixos-unstable 0.7.0-unstable-2025-11-25
- nixpkgs-unstable 0.7.0-unstable-2025-11-25
- nixos-unstable-small 0.7.0-unstable-2025-11-25
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-openscad
Python bindings for tree-sitter-openscad
-
nixos-unstable 0.7.0+unstable20251125
- nixpkgs-unstable 0.7.0+unstable20251125
- nixos-unstable-small 0.7.0+unstable20251125
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-openscad
Python bindings for tree-sitter-openscad
-
nixos-unstable 0.7.0+unstable20251125
- nixpkgs-unstable 0.7.0+unstable20251125
- nixos-unstable-small 0.7.0+unstable20251125
Package maintainers
-
@michaeladler Michael Adler <therisen06@gmail.com>