Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: libucl

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-0708
8.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
created 2 months, 1 week ago Activity log
  • Created suggestion 2 months, 1 week ago
Libucl: libucl: denial of service via embedded null byte in ucl input

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.

References

Affected products

libucl
  • ==3e7f023e184e06f30fb5792dacd9dd0f8b692f1b

Matching in nixpkgs

pkgs.libucl

Universal configuration library parser

Package maintainers