Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged

Filter by:

With package: mold-wrapped

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-3994

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 week, 3 days ago by @pyrox0 Activity log

Created automatic suggestion 1 week, 3 days ago
@pyrox0 removed
3 packages
- molden
- home-assistant-component-tests.mold_indicator
- tests.home-assistant-component-tests.mold_indicator
1 week, 3 days ago

rui314 mold Object File input-files.cc initialize_sections heap-based overflow

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-350476 | rui314 mold Object File input-files.cc initialize_sections heap-based overflow vdb-entry technical-description
VDB-350476 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #769772 | rui314 mold mold 2.40.4 and main-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/rui314/mold/issues/1548 issue-tracking
https://github.com/oneafter/0209/blob/main/mo2/repro exploit
https://github.com/rui314/mold/ product

Affected products

mold

==2.40.0
==2.40.2
==2.40.3
==2.40.4
==2.40.1

Matching in nixpkgs

pkgs.mold

Faster drop-in replacement for existing Unix linkers (unwrapped)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4
nixos-25.11 2.40.4
- nixos-25.11-small 2.40.4
- nixpkgs-25.11-darwin 2.40.4

pkgs.mold-wrapped

Faster drop-in replacement for existing Unix linkers (unwrapped) (wrapper script)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4
nixos-25.11 2.40.4
- nixos-25.11-small 2.40.4
- nixpkgs-25.11-darwin 2.40.4

pkgs.mold-unwrapped

Faster drop-in replacement for existing Unix linkers (unwrapped)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4

Ignored packages (3)

pkgs.molden

Display and manipulate molecular structures

nixos-unstable 6.3
- nixpkgs-unstable 6.3
- nixos-unstable-small 6.3
nixos-25.11 6.3
- nixos-25.11-small 6.3
- nixpkgs-25.11-darwin 6.3

pkgs.home-assistant-component-tests.mold_indicator

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.mold_indicator

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@azahi Azat Bahawi <azat@bahawi.net>

1