Nixpkgs security tracker

Permalink CVE-2026-5419

3.7 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 3 weeks, 4 days ago Activity log

Created suggestion 3 weeks, 4 days ago

Guntls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

References

RHSA-2026:20613 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2026-5419 x_refsource_REDHATvdb-entry
RHBZ#2467686 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

*

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.13
- nixpkgs-unstable 3.8.13
- nixos-unstable-small 3.8.13

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1

pkgs.python312Packages.python3-gnutls

None

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2026-5260

8.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month ago Activity log

Created suggestion 1 month ago

Gnutls: gnutls: information disclosure via heap overread in rsa key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

References

https://access.redhat.com/security/cve/CVE-2026-5260 x_refsource_REDHATvdb-entry
RHBZ#2467450 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.13
- nixpkgs-unstable 3.8.13
- nixos-unstable-small 3.8.13

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1

pkgs.python312Packages.python3-gnutls

None

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2026-42013

8.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 1 month ago Activity log

Created suggestion 1 month ago

Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

References

https://access.redhat.com/security/cve/CVE-2026-42013 x_refsource_REDHATvdb-entry
RHBZ#2467448 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.13
- nixpkgs-unstable 3.8.13
- nixos-unstable-small 3.8.13

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1

pkgs.python312Packages.python3-gnutls

None

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2026-42015

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 1 month ago Activity log

Created suggestion 1 month ago

Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.

References

https://access.redhat.com/security/cve/CVE-2026-42015 x_refsource_REDHATvdb-entry
RHBZ#2467678 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.13
- nixpkgs-unstable 3.8.13
- nixos-unstable-small 3.8.13

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1

pkgs.python312Packages.python3-gnutls

None

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2026-42012

7.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 1 month ago Activity log

Created suggestion 1 month ago

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

References

https://access.redhat.com/security/cve/CVE-2026-42012 x_refsource_REDHATvdb-entry
RHBZ#2467441 issue-trackingx_refsource_REDHAT

Affected products

rhcos

gnutls

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.13
- nixpkgs-unstable 3.8.13
- nixos-unstable-small 3.8.13

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 5.0.1
- nixpkgs-unstable 5.0.1
- nixos-unstable-small 5.0.1

pkgs.python312Packages.python3-gnutls

None

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python314Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.gnutls

pkgs.guile-gnutls

pkgs.python312Packages.python3-gnutls

pkgs.python313Packages.python3-gnutls

pkgs.python314Packages.python3-gnutls

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnutls

pkgs.guile-gnutls

pkgs.python312Packages.python3-gnutls

pkgs.python313Packages.python3-gnutls

pkgs.python314Packages.python3-gnutls

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnutls

pkgs.guile-gnutls

pkgs.python312Packages.python3-gnutls

pkgs.python313Packages.python3-gnutls

pkgs.python314Packages.python3-gnutls

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnutls

pkgs.guile-gnutls

pkgs.python312Packages.python3-gnutls

pkgs.python313Packages.python3-gnutls

pkgs.python314Packages.python3-gnutls

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnutls

pkgs.guile-gnutls

pkgs.python312Packages.python3-gnutls

pkgs.python313Packages.python3-gnutls

pkgs.python314Packages.python3-gnutls

Package maintainers