Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: mold

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-3994

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @pyrox0 Activity log

Created suggestion 2 months, 1 week ago
@pyrox0 ignored
3 packages
- molden
- home-assistant-component-tests.mold_indicator
- tests.home-assistant-component-tests.mold_indicator
2 months, 1 week ago

rui314 mold Object File input-files.cc initialize_sections heap-based overflow

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-350476 | rui314 mold Object File input-files.cc initialize_sections heap-based overflow vdb-entrytechnical-description
VDB-350476 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #769772 | rui314 mold mold 2.40.4 and main-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/rui314/mold/issues/1548 issue-tracking
https://github.com/oneafter/0209/blob/main/mo2/repro exploit
https://github.com/rui314/mold/ product

Affected products

mold

==2.40.3
==2.40.0
==2.40.1
==2.40.2
==2.40.4

Matching in nixpkgs

pkgs.mold

Faster drop-in replacement for existing Unix linkers (unwrapped)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4
nixos-25.11 2.40.4
- nixos-25.11-small 2.40.4
- nixpkgs-25.11-darwin 2.40.4

pkgs.mold-wrapped

Faster drop-in replacement for existing Unix linkers (unwrapped) (wrapper script)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4
nixos-25.11 2.40.4
- nixos-25.11-small 2.40.4
- nixpkgs-25.11-darwin 2.40.4

pkgs.mold-unwrapped

Faster drop-in replacement for existing Unix linkers (unwrapped)

nixos-unstable 2.40.4
- nixpkgs-unstable 2.40.4
- nixos-unstable-small 2.40.4

Ignored packages (3)

pkgs.molden

Display and manipulate molecular structures

nixos-unstable 6.3
- nixpkgs-unstable 6.3
- nixos-unstable-small 6.3
nixos-25.11 6.3
- nixos-25.11-small 6.3
- nixpkgs-25.11-darwin 6.3

pkgs.home-assistant-component-tests.mold_indicator

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.mold_indicator

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@azahi Azat Bahawi <azat@bahawi.net>

1