Nixpkgs security tracker

Dismissed

Permalink CVE-2016-20038

8.4 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 4 weeks ago
@LeSuisse ignored
9 packages
- cherrytree
- haskellPackages.polytree
- python312Packages.anytree
- python313Packages.anytree
- python314Packages.anytree
- haskellPackages.TernaryTrees
- python312Packages.textual-universal-directorytree
- python313Packages.textual-universal-directorytree
- python314Packages.textual-universal-directorytree
1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse dismissed 1 month, 3 weeks ago

yTree 1.94-1.1 Stack-Based Buffer Overflow

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

References

ExploitDB-39406 exploit
Official Product Homepage product
VulnCheck Advisory: yTree 1.94-1.1 Stack-Based Buffer Overflow third-party-advisory

Affected products

yTree

==1.94-1.1

Matching in nixpkgs

pkgs.ytree

Curses-based file manager similar to DOS Xtree(TM)

nixos-unstable 2.10
- nixpkgs-unstable 2.10
- nixos-unstable-small 2.10
nixos-25.11 2.10
- nixos-25.11-small 2.10
- nixpkgs-25.11-darwin 2.10

Ignored packages (9)

pkgs.cherrytree

Hierarchical note taking application

nixos-unstable 1.6.3
- nixpkgs-unstable 1.6.3
- nixos-unstable-small 1.6.3
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.haskellPackages.polytree

A polymorphic rose-tree

nixos-unstable 0.0.9
- nixpkgs-unstable 0.0.9
- nixos-unstable-small 0.0.9
nixos-25.11 0.0.9
- nixos-25.11-small 0.0.9
- nixpkgs-25.11-darwin 0.0.9

pkgs.python312Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python313Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python314Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0

pkgs.haskellPackages.TernaryTrees

Efficient pure ternary tree Sets and Maps

nixos-unstable 0.2.0.2
- nixpkgs-unstable 0.2.0.2
- nixos-unstable-small 0.2.0.2
nixos-25.11 0.2.0.2
- nixos-25.11-small 0.2.0.2
- nixpkgs-25.11-darwin 0.2.0.2

pkgs.python312Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python313Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python314Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0

Old issue, current stable branch was never impacted

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.ytree

pkgs.cherrytree

pkgs.haskellPackages.polytree

pkgs.python312Packages.anytree

pkgs.python313Packages.anytree

pkgs.python314Packages.anytree

pkgs.haskellPackages.TernaryTrees

pkgs.python312Packages.textual-universal-directorytree

pkgs.python313Packages.textual-universal-directorytree

pkgs.python314Packages.textual-universal-directorytree