Nixpkgs security tracker

Details of issue NIXPKGS-2026-1286

NIXPKGS-2026-1286
published on
CVE-2026-6238
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 11 hours ago by @LeSuisse
Activity log
  • Created suggestion
  • @LeSuisse ignored
    28 packages
    • libc
    • iconv
    • getent
    • locale
    • mtrace
    • getconf
    • libiconv
    • glibcInfo
    • glibc_multi
    • glibcLocales
    • glibc_memusage
    • glibcLocalesUtf8
    • unixtools.getent
    • unixtools.locale
    • unixtools.getconf
    • minimal-bootstrap.glibc
    • tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags.glibcxxassertionsExplicitEnabled
    • tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags.glibcxxassertionsExplicitDisabled
    • tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
    • tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
    • tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
    • tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
    • tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
    • tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
    • tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
    • tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Buffer overread in ns_printrrf with corrupted RDATA field

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
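
For code being ported away from these interfaces, the missing check described above (RDATA content validated against RDATA length) can be enforced with a cursor that refuses any read past the declared length. This is an added example, not glibc code: the names `rd_cursor`, `rd_get`, `parse_loc` and `parse_cert` are hypothetical, and the field layouts are the LOC layout from RFC 1876 and the CERT header from RFC 4398.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over one record's RDATA; every read is checked against rdlen. */
struct rd_cursor { const uint8_t *p; size_t left; int err; };

/* Read an n-byte big-endian integer (n = 1, 2 or 4); sets err on a short read. */
static uint32_t rd_get(struct rd_cursor *c, size_t n)
{
    uint32_t v = 0;
    if (c->err || c->left < n) { c->err = 1; return 0; }
    while (n--) { v = (v << 8) | *c->p++; c->left--; }
    return v;
}

struct loc_rr { uint8_t version, size, hprec, vprec; uint32_t lat, lon, alt; };

/* LOC: fixed 16-byte layout. Returns 0 on success, -1 if truncated or oversized. */
int parse_loc(const uint8_t *rdata, size_t rdlen, struct loc_rr *out)
{
    struct rd_cursor c = { rdata, rdlen, 0 };
    out->version = (uint8_t)rd_get(&c, 1);
    out->size    = (uint8_t)rd_get(&c, 1);
    out->hprec   = (uint8_t)rd_get(&c, 1);
    out->vprec   = (uint8_t)rd_get(&c, 1);
    out->lat = rd_get(&c, 4);
    out->lon = rd_get(&c, 4);
    out->alt = rd_get(&c, 4);
    return (c.err || c.left != 0) ? -1 : 0;
}

struct cert_rr { uint16_t type, key_tag; uint8_t alg; const uint8_t *cert; size_t cert_len; };

/* CERT: 5-byte fixed header; whatever remains within rdlen is the certificate. */
int parse_cert(const uint8_t *rdata, size_t rdlen, struct cert_rr *out)
{
    struct rd_cursor c = { rdata, rdlen, 0 };
    out->type    = (uint16_t)rd_get(&c, 2);
    out->key_tag = (uint16_t)rd_get(&c, 2);
    out->alg     = (uint8_t)rd_get(&c, 1);
    if (c.err) return -1;          /* header itself was truncated */
    out->cert = c.p;               /* points into rdata, never past it */
    out->cert_len = c.left;
    return 0;
}
```

A caller should discard the output structure whenever either function returns -1, since fields read after the first short read are zero-filled rather than meaningful.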

Affected products

glibc
  • =<0

Matching in nixpkgs

Ignored packages (28)

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

Package maintainers