Nixpkgs Security Tracker

Permalink CVE-2026-4427

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 3 days, 4 hours ago

Github.com/jackc/pgproto3: pgproto3: denial of service via negative field length in datarow message

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

References

https://access.redhat.com/security/cve/CVE-2026-4427 x_refsource_REDHAT vdb-entry
RHBZ#2448626 issue-tracking x_refsource_REDHAT
https://github.com/golang/vulndb/issues/4518
https://github.com/jackc/pgproto3
https://github.com/jackc/pgx/issues/2507
https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postg…

Affected products

rosa

quay/quay-rhel8

quay/quay-rhel9

osbuild-composer

quay/clair-rhel8

quay/clair-rhel9

rhtas/createtree-rhel9

rhtas/updatetree-rhel9

quay/quay-operator-rhel8

quay/quay-operator-rhel9

ocm-cli-clients/ocm-cli-rhel9

rhai/assisted-installer-rhel9

rhtas/trillian-database-rhel9

rhacm2/acm-search-v2-api-rhel9

rhoai/odh-model-registry-rhel9

rhtas/trillian-logserver-rhel9

rhtas/trillian-logsigner-rhel9

rhacm2/acm-search-indexer-rhel9

openshift4/oc-mirror-plugin-rhel9

openshift4/ose-agent-based-installer

rhai/assisted-installer-controller-rhel9

advanced-cluster-security/rhacs-main-rhel8

advanced-cluster-security/rhacs-roxctl-rhel8

multicluster-engine/assisted-installer-rhel8

multicluster-engine/assisted-installer-rhel9

multicluster-engine/assisted-service-8-rhel8

multicluster-engine/assisted-service-9-rhel9

advanced-cluster-security/rhacs-rhel8-operator

openshift4/ose-agent-installer-api-server-rhel8

openshift4/ose-agent-installer-api-server-rhel9

openshift4/ose-agent-installer-node-agent-rhel8

openshift4/ose-agent-installer-node-agent-rhel9

advanced-cluster-security/rhacs-scanner-v4-rhel8

openshift4/ose-aws-cluster-api-controllers-rhel9

openshift4/ose-agent-installer-csr-approver-rhel8

openshift4/ose-agent-installer-csr-approver-rhel9

openshift4/ose-agent-installer-orchestrator-rhel8

openshift4/ose-agent-installer-orchestrator-rhel9

multicluster-engine/assisted-installer-agent-rhel8

multicluster-engine/assisted-installer-agent-rhel9

multicluster-engine/cluster-api-provider-aws-rhel9

rhoai/odh-data-science-pipelines-argo-argoexec-rhel9

multicluster-engine/assisted-installer-controller-rhel8

multicluster-engine/assisted-installer-controller-rhel9

multicluster-globalhub/multicluster-globalhub-agent-rhel9

multicluster-globalhub/multicluster-globalhub-grafana-rhel9

multicluster-globalhub/multicluster-globalhub-manager-rhel9

multicluster-globalhub/multicluster-globalhub-rhel9-operator

multicluster-globalhub/multicluster-globalhub-operator-bundle

rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9

Matching in nixpkgs

pkgs.rosa

CLI for the Red Hat OpenShift Service on AWS

nixos-unstable 1.2.61
- nixpkgs-unstable 1.2.61
- nixos-unstable-small 1.2.61
nixos-25.11 1.2.57
- nixos-25.11-small 1.2.57
- nixpkgs-25.11-darwin 1.2.57

pkgs.nemorosa

Specialized cross-seeding tool designed for music torrents

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.1
- nixos-25.11-small 0.4.1
- nixpkgs-25.11-darwin 0.4.1

pkgs.haskellPackages.rosa

Query the namecoin blockchain

nixos-unstable 0.6.0.0
- nixpkgs-unstable 0.6.0.0
- nixos-unstable-small 0.6.0.0
nixos-25.11 0.6.0.0
- nixos-25.11-small 0.6.0.0
- nixpkgs-25.11-darwin 0.6.0.0