Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: systemd-bootchart

Found 13 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-29111
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 5 days, 13 hours ago
systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

References

Affected products

systemd
  • ==>= 259, < 259.2
  • ==>= 239, < 257.11
  • ==>= 258, < 258.5

Matching in nixpkgs

Untriaged
Permalink CVE-2012-1101
created 1 month, 1 week ago
systemd 37-1 does not properly handle non-existent services, which causes …

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

References

Affected products

systemd
  • ==37-1

Matching in nixpkgs

Untriaged
Permalink CVE-2026-1484
4.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months ago
Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

Package maintainers

Untriaged
Permalink CVE-2026-1489
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 months ago
Glib: glib: memory corruption via integer overflow in unicode case conversion

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

Package maintainers

Untriaged
Permalink CVE-2026-1485
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months ago
Glib: glib: local denial of service via buffer underflow in content type parsing

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

Package maintainers

Untriaged
Permalink CVE-2026-0988
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 2 months, 1 week ago
Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

References

Affected products

bootc
glib2
loupe
papers
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

Package maintainers

Untriaged
Permalink CVE-2025-4056
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
Glib: glib crash after long command line

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

References

Affected products

glib
  • <2.84.1
bootc
glib2
loupe
librsvg2
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.glib

C library of programming buildings blocks

  • nixos-unstable -

pkgs.libc

GNU C Library

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable -

pkgs.alglib

Numerical analysis and data processing library

  • nixos-unstable -

pkgs.glibmm

C++ interface to the GLib library

  • nixos-unstable -

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

pkgs.spglib

C library for finding and handling crystal symmetries

  • nixos-unstable -

pkgs.taglib

Library for reading and editing audio file metadata

  • nixos-unstable -

pkgs.taglib_1

Library for reading and editing audio file metadata

  • nixos-unstable -

pkgs.dbus-glib

Obsolete glib bindings for D-Bus lightweight IPC mechanism

  • nixos-unstable -

pkgs.glibcInfo

GNU Info manual of the GNU C Library

pkgs.json-glib

Library providing (de)serialization support for the JavaScript Object Notation (JSON) format

  • nixos-unstable -

pkgs.i3ipc-glib

C interface library to i3wm

  • nixos-unstable -

pkgs.libdbusmenu

Library for passing menu structures across DBus

pkgs.libzim-glib

Partial GObject/C bindings for libzim

  • nixos-unstable -

pkgs.glib-testing

Test library providing test harnesses and mock classes complementing the classes provided by GLib

  • nixos-unstable -

pkgs.jsonrpc-glib

Library to communicate using the JSON-RPC 2.0 specification

  • nixos-unstable -

pkgs.libgit2-glib

Glib wrapper library around the libgit2 git access library

  • nixos-unstable -

pkgs.libqrtr-glib

Qualcomm IPC Router protocol helper library

  • nixos-unstable -

pkgs.libvirt-glib

Wrapper library of libvirt for glib-based applications

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.taglib-sharp

Library for reading and writing metadata in media files

pkgs.template-glib

Library for template expansion which supports calling into GObject Introspection from templates

  • nixos-unstable -

pkgs.appstream-glib

Objects and helper methods to read and write AppStream metadata

  • nixos-unstable -

pkgs.geocode-glib_2

Convenience library for the geocoding and reverse geocoding using Nominatim service

  • nixos-unstable -

pkgs.libsignon-glib

Library for managing single signon credentials which can be used from GLib applications

  • nixos-unstable -

pkgs.libaccounts-glib

Library for managing accounts which can be used from GLib applications

  • nixos-unstable -

pkgs.haskellPackages.uu-parsinglib

Fast, online, error-correcting, monadic, applicative, merging, permuting, interleaving, idiomatic parser combinators

  • nixos-unstable -

pkgs.python312Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

  • nixos-unstable -

pkgs.python313Packages.python-hglib

Library with a fast, convenient interface to Mercurial. It uses Mercurial’s command server for communication with hg

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2025-6052
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

References

Affected products

bootc
glib2
loupe
librsvg2
rpm-ostree
mingw-glib2
glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -
Untriaged
Permalink CVE-2025-4598
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months, 1 week ago
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

References

Affected products

rhcos
systemd
  • *
rpm-ostree
NetworkManager
systemd-coredump
  • <256.14
  • <253.32
  • <252.37
  • <257.6
  • <254.25
  • <255.19
rhceph/rhceph-7-rhel9
  • *
rhceph/rhceph-8-rhel9
  • *
discovery/discovery-ui-rhel9
  • *
discovery/discovery-server-rhel9
  • *
insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

  • nixos-unstable -

pkgs.systemd

System and service manager for Linux

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.systemd-lsp

Language server implementation for systemd unit files made in Rust

  • nixos-unstable -

pkgs.systemdLibs

System and service manager for Linux

  • nixos-unstable -

pkgs.rofi-systemd

Control your systemd units using rofi

  • nixos-unstable -

pkgs.systemdUkify

System and service manager for Linux

  • nixos-unstable -

pkgs.check_systemd

Nagios / Icinga monitoring plugin to check systemd for failed units

  • nixos-unstable -

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

  • nixos-unstable -

pkgs.systemd-lock-handler

Translates systemd-system lock/sleep signals into systemd-user target activations

  • nixos-unstable -

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

  • nixos-unstable -
Untriaged
Permalink CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 1 week ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

References

Affected products

glib
  • <2.84.2
bootc
glib2
  • *
loupe
librsvg2
mingw-glib2
glycin-loaders
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

Package maintainers