Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-35347

4.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 days, 11 hours ago Activity log

Created suggestion 6 days, 11 hours ago

uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path is a FIFO or a pipe, this pre-read operation drains the stream, leading to silent data loss before the actual comparison logic is executed. Additionally, the utility may hang indefinitely if it attempts to pre-read from infinite streams like /dev/zero.

References

https://github.com/uutils/coreutils/pull/9545 exploitissue-trackingpatch
https://github.com/uutils/coreutils/releases/tag/0.6.0 vendor-advisory

Affected products

coreutils

<0.6.0

Matching in nixpkgs

pkgs.coreutils

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.coreutils-full

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.policycoreutils

SELinux policy core utilities

nixos-unstable 3.10
- nixpkgs-unstable 3.10
- nixos-unstable-small 3.10
nixos-25.11 3.8.1
- nixos-25.11-small 3.8.1
- nixpkgs-25.11-darwin 3.8.1

pkgs.uutils-coreutils

Cross-platform Rust rewrite of the GNU coreutils

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.coreutils-prefixed

GNU Core Utilities

nixos-unstable 9.10
- nixpkgs-unstable 9.10
- nixos-unstable-small 9.10
nixos-25.11 9.8
- nixos-25.11-small 9.8
- nixpkgs-25.11-darwin 9.8

pkgs.uutils-coreutils-noprefix

Cross-platform Rust rewrite of the GNU coreutils

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.minimal-bootstrap.coreutils

The GNU Core Utilities

nixos-unstable 5.0
- nixpkgs-unstable 5.0
- nixos-unstable-small 5.0

pkgs.selinuxPackages.policycoreutils

SELinux policy core utilities

nixos-unstable 3.10
- nixpkgs-unstable 3.10
- nixos-unstable-small 3.10

pkgs.minimal-bootstrap.coreutils-musl

The GNU Core Utilities

nixos-unstable 9.9
- nixpkgs-unstable 9.9
- nixos-unstable-small 9.9

pkgs.minimal-bootstrap.coreutils-static

The GNU Core Utilities

nixos-unstable 9.9
- nixpkgs-unstable 9.9
- nixos-unstable-small 9.9

Package maintainers

@dasJ Janne Heß <janne@hess.ooo>
@mdaniels5757 Michael Daniels <nix@mdaniels.me>
@infinisil Silvan Mosberger <contact@infinisil.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@balsoft Alexander Bantyev <balsoft75@gmail.com>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@Artturin Artturi N <artturin@artturin.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>