Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: nebula

Found 1 matching suggestions

Published
Permalink CVE-2026-25793
updated 1 month ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month ago
  • @LeSuisse removed
    7 packages
    • nebula-sans
    • ant-nebula-theme
    • nebula-lighthouse-service
    • terraform-providers.opennebula
    • python312Packages.nebula3-python
    • terraform-providers.opennebula_opennebula
    • python312Packages.llama-index-graph-stores-nebula
    1 month ago
  • @LeSuisse accepted 1 month ago
  • @LeSuisse published on GitHub 1 month ago
Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3.

References

Affected products

nebula
  • ==>= 1.7.0, < 1.10.3

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962
Upstream patch: https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21