Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: libidn

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-57053
4.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 1 day ago by @LeSuisse Activity log
  • Created suggestion 1 day, 10 hours ago
  • @LeSuisse ignored
    5 packages
    • libidn2
    • perlPackages.NetLibIDN2
    • perl5Packages.NetLibIDN2
    • perl538Packages.NetLibIDN2
    • perl540Packages.NetLibIDN2
    1 day ago
  • @LeSuisse accepted 1 day ago
  • @LeSuisse published on GitHub 1 day ago
GNU libidn before 1.44 is prone to out-of-bounds reads of …

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

Affected products

libidn
  • <1.44

Matching in nixpkgs

pkgs.libidn

Library for internationalized domain names

  • nixos-unstable 1.43
    • nixpkgs-unstable 1.43
    • nixos-unstable-small 1.43
  • nixos-26.05 1.43
    • nixos-26.05-small 1.43
    • nixpkgs-26.05-darwin 1.43
Ignored packages (5)

pkgs.libidn2

Free software implementation of IDNA2008 and TR46