NIXPKGS-2026-0872

GitHub issue published 2 months, 3 weeks ago

Permalink CVE-2025-66037

3.9 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Physical (P)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Physical (P)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 2 months, 3 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 3 weeks ago
@mweinelt ignored
11 packages
- openscad
- openscap
- openscreen
- openscad-lsp
- openscenegraph
- openscad-unstable
- kakounePlugins.openscad-kak
- vscode-extensions.antyos.openscad
- tree-sitter-grammars.tree-sitter-openscad
- python313Packages.tree-sitter-grammars.tree-sitter-openscad
- python314Packages.tree-sitter-grammars.tree-sitter-openscad
2 months, 3 weeks ago
@mweinelt accepted 2 months, 3 weeks ago
@mweinelt published on GitHub 2 months, 3 weeks ago

OpenSC: Out of Bounds vulnerability

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.

References

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx x_refsource_CONFIRM
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037 x_refsource_MISC

Affected products

OpenSC

==< 0.27.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable 0.26.1
- nixpkgs-unstable 0.26.1
- nixos-unstable-small 0.26.1

Ignored packages (11)

pkgs.openscad

3D parametric model compiler

nixos-unstable 2021.01
- nixpkgs-unstable 2021.01
- nixos-unstable-small 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable 1.4.2
- nixpkgs-unstable 1.4.2
- nixos-unstable-small 1.4.2

pkgs.openscreen

Free, open-source alternative to Screen Studio (sort of)

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable 2021.01-unstable-2026-02-25
- nixpkgs-unstable 2021.01-unstable-2026-02-25
- nixos-unstable-small 2021.01-unstable-2026-02-25

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable 2020-12-10
- nixpkgs-unstable 2020-12-10
- nixos-unstable-small 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.tree-sitter-grammars.tree-sitter-openscad

Tree-sitter grammar for openscad

nixos-unstable 0.7.0-unstable-2025-11-25
- nixpkgs-unstable 0.7.0-unstable-2025-11-25
- nixos-unstable-small 0.7.0-unstable-2025-11-25

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-openscad

Python bindings for tree-sitter-openscad

nixos-unstable 0.7.0+unstable20251125
- nixpkgs-unstable 0.7.0+unstable20251125
- nixos-unstable-small 0.7.0+unstable20251125

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-openscad