Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: haskellPackages.AvlTree

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-24909

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to …

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.

References

Affected products

vlt

<1.0.0-rc.10

Matching in nixpkgs

pkgs.haskellPackages.AvlTree

Balanced binary trees using the AVL algorithm

nixos-unstable 4.3
- nixpkgs-unstable 4.3
- nixos-unstable-small 4.3

1