Nixpkgs security tracker
NIXPKGS-2026-1253
GitHub issue
published 2 months ago
Permalink
CVE-2026-33608
7.4 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
5 packages
- pdnsd
- pdnsgrep
- pdns-recursor
- home-assistant-component-tests.namecheapdns
- tests.home-assistant-components.namecheapdns
- @LeSuisse accepted
- @LeSuisse published on GitHub
Incomplete domain name sanitization during
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.
References
Ignored references (1)
Affected products
pdns
- <4.9.14
- <5.0.4
Matching in nixpkgs
Ignored packages (5)
pkgs.pdnsd
Permanent DNS caching
-
nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
pkgs.pdnsgrep
Search tool for PowerDNS logs
pkgs.pdns-recursor
Recursive DNS server
pkgs.tests.home-assistant-components.namecheapdns
Open source home automation that puts local control and privacy first
Package maintainers
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>