NIXPKGS-2026-1287

GitHub issue published on

Permalink CVE-2026-5435

7.3 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

updated 11 hours ago by @LeSuisse Activity log

Created suggestion 17 hours ago
@LeSuisse ignored
28 packages
- libc
- iconv
- getent
- locale
- mtrace
- getconf
- libiconv
- glibcInfo
- glibc_multi
- glibcLocales
- glibc_memusage
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
- minimal-bootstrap.glibc
- tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
11 hours ago
@LeSuisse accepted 11 hours ago
@LeSuisse published on GitHub 11 hours ago

Potential buffer overflow in ns_sprintrrf TSIG handling path

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34033 issue-tracking
https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91… mailing-list

Affected products

glibc

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

Ignored packages (28)

pkgs.libc

GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.iconv

GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getent

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.locale

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getconf

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.libiconv

None

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42
nixos-25.11 2.40
- nixos-25.11-small 2.40
- nixpkgs-25.11-darwin 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_multi

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getent

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.locale

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getconf

None

nixos-unstable 2.42-61
- nixpkgs-unstable 2.42-61
- nixos-unstable-small 2.42-61
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218