Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: podman-bootc

Found 5 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-1484
4.2 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 3 months, 2 weeks ago Activity log
  • Created suggestion 3 months, 2 weeks ago
Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235

Package maintainers

Untriaged
Permalink CVE-2026-1489
5.4 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 3 months, 2 weeks ago Activity log
  • Created suggestion 3 months, 2 weeks ago
Glib: glib: memory corruption via integer overflow in unicode case conversion

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235

Package maintainers

Untriaged
Permalink CVE-2026-1485
2.8 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
created 3 months, 2 weeks ago Activity log
  • Created suggestion 3 months, 2 weeks ago
Glib: glib: local denial of service via buffer underflow in content type parsing

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235

Package maintainers

Untriaged
Permalink CVE-2025-11065
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 3 months, 2 weeks ago Activity log
  • Created suggestion 3 months, 2 weeks ago
Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Affected products

podman
toolbox
openshift
microshift
gvisor-tap-vsock
rhtas/cosign-rhel9
rhtas/fulcio-rhel9
devspaces/udi-rhel9
rhtas/gitsign-rhel9
rhtas/rekor-cli-rhel9
devspaces/traefik-rhel9
opentelemetry-collector
devspaces/udi-base-rhel9
rhacm2/acm-grafana-rhel9
rhoai/odh-rhel9-operator
rhtas/rekor-server-rhel9
openshift-pipelines-client
openshift4/ose-helm-operator
redhat-certification-preflight
rhoai/odh-model-registry-rhel9
openshift-gitops-1/argocd-rhel8
openshift-gitops-1/argocd-rhel9
rhtas/timestamp-authority-rhel9
rhacm2/submariner-rhel9-operator
rhtas/rekor-backfill-redis-rhel9
openshift4/ose-helm-rhel9-operator
github.com/go-viper/mapstructure/v2
  • <2.4.0
rhosdt/opentelemetry-collector-rhel8
rhtap-task-runner/rhtap-task-runner-rhel9
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-rhel8-operator
advanced-cluster-security/rhacs-central-db-rhel8
advanced-cluster-security/rhacs-scanner-v4-rhel8
advanced-cluster-security/rhacs-scanner-v4-db-rhel8
zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9
zero-trust-workload-identity-manager/spiffe-spire-server-rhel9
zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9
zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

pkgs.bctoolbox

Utilities library for Linphone

pkgs.lttoolbox

Finite state compiler, processor and helper tools used by apertium

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

pkgs.devtoolbox

Development tools at your fingertips

pkgs.podman-compose

Implementation of docker-compose with podman backend

Package maintainers

Untriaged
Permalink CVE-2026-0988
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.papers

GNOME's document viewer

  • nixos-unstable 49.1
    • nixpkgs-unstable 49.1
    • nixos-unstable-small 49.1

pkgs.qbootctl

Qualcomm bootctl HAL for Linux

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235

Package maintainers