Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: antigravity-fhs

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-40504
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 3 weeks, 4 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 4 days ago
  • @LeSuisse dismissed (not in Nixpkgs) 3 weeks, 4 days ago
Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.

Affected products

gravity
  • <0.9.6
  • <18b9195598d9b944376754c6d1ad76e38a4adca1

Matching in nixpkgs

pkgs.antigravity-fhs

Wrapped variant of antigravity which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications

Package maintainers