Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1246

NIXPKGS-2026-1246

GitHub issue published on

Permalink CVE-2026-33261

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 5 hours ago by @LeSuisse Activity log

Created automatic suggestion 11 hours ago
@LeSuisse ignored package rotp 7 hours ago
@LeSuisse accepted 7 hours ago
@LeSuisse published on GitHub 5 hours ago

Null pointer accces in aggressive NSEC(3) cache

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

References

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerd…

Affected products

pdns-recursor

<5.3.6
<5.4.1
<5.2.9

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>