Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: rrdtool

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-43958
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 week, 5 days ago by @LeSuisse Activity log
  • Created suggestion 1 week, 5 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.rrdtool
    • python314Packages.rrdtool
    • python313Packages.rrdtool
    1 week, 5 days ago
  • @LeSuisse accepted 1 week, 5 days ago
  • @LeSuisse published on GitHub 1 week, 5 days ago
Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.

References

Affected products

rrdtool

Matching in nixpkgs

pkgs.rrdtool

High performance logging in Round Robin Databases

Ignored packages (3)

Package maintainers