Nixpkgs security tracker
NIXPKGS-2026-1252
GitHub issue
published on
Permalink
CVE-2026-33611
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
ignored
5 packages
- pdnsd
- pdnsgrep
- pdns-recursor
- home-assistant-component-tests.namecheapdns
- tests.home-assistant-components.namecheapdns
- @LeSuisse accepted
- @LeSuisse published on GitHub
Insufficient validation of HTTPS and SVCB records
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.
Affected products
pdns
- <5.0.4
- <4.9.14
Matching in nixpkgs
Ignored packages (5)
pkgs.pdnsd
Permanent DNS caching
-
nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
-
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par
pkgs.pdnsgrep
Search tool for PowerDNS logs
pkgs.pdns-recursor
Recursive DNS server
pkgs.home-assistant-component-tests.namecheapdns
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-components.namecheapdns
Open source home automation that puts local control and privacy first
Package maintainers
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@NickCao Nick Cao <nickcao@nichi.co>