Nixpkgs Security Tracker

Permalink CVE-2024-8443

3.4 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months ago

Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

<0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>

Permalink CVE-2023-6841

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Keycloak: amount of attributes per object is not limited and it may lead to dos

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

References

https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6841 x_refsource_REDHAT vdb-entry
RHBZ#2254714 issue-tracking x_refsource_REDHAT

Affected products

keycloak

<24.0.0

rh-sso7-keycloak

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable -
- nixpkgs-unstable 26.3.4

pkgs.terraform-providers.keycloak

None

nixos-unstable -
- nixpkgs-unstable 5.4.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable -
- nixpkgs-unstable 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable -
- nixpkgs-unstable 4.0.0

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>

Permalink CVE-2024-45034

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

References

Affected products

airflow

<2.10.1

apache-airflow

<2.10.1

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable -
- nixpkgs-unstable 2.7.3

Package maintainers

@bhipple Benjamin Hipple <bhipple@protonmail.com>
@ingenieroariel Ariel Nunez <ariel@nunez.co>
@gbpdt Graham Bennett <nix@pdtpartners.com>

Permalink CVE-2024-45498

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Apache Airflow: Command Injection in an example DAG

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.

References

Affected products

airflow

==2.10.0

apache-airflow

==2.10.0

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable -
- nixpkgs-unstable 2.7.3

Package maintainers

@bhipple Benjamin Hipple <bhipple@protonmail.com>
@ingenieroariel Ariel Nunez <ariel@nunez.co>
@gbpdt Graham Bennett <nix@pdtpartners.com>

Permalink CVE-2024-8445

5.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

References

RHBZ#2310110 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html
https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
RHBZ#2310110 issue-tracking x_refsource_REDHAT
RHSA-2024:7434 vendor-advisory x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html

Affected products

389-ds-base

==3.1.1
*

389-ds:1.4/389-ds-base

redhat-ds:11/389-ds-base

redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

nixos-unstable -
- nixpkgs-unstable 3.1.3

Package maintainers

@ners ners <ners@gmx.ch>

Permalink CVE-2024-8418

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.

References

RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
https://github.com/containers/aardvark-dns/pull/503
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
RHSA-2025:7094 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHSA-2025:7094 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
RHSA-2025:7094 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
RHSA-2025:7094 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
RHSA-2025:7094 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8418 x_refsource_REDHAT vdb-entry
RHBZ#2309683 issue-tracking x_refsource_REDHAT
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503

Affected products

rhcos

aardvark-dns

*

containers-common

containers/aardvark-dns

==1.12.0
==1.12.1

container-tools:rhel8/aardvark-dns

container-tools:rhel8/containers-common

Matching in nixpkgs

pkgs.aardvark-dns

Authoritative dns server for A/AAAA container records

nixos-unstable -
- nixpkgs-unstable 1.16.0

Package maintainers

@vdemeester Vincent Demeester <vincent@sbr.pm>
@saschagrunert Sascha Grunert <mail@saschagrunert.de>

Permalink CVE-2024-45620

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-45620 x_refsource_REDHAT vdb-entry
RHBZ#2309289 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>

Permalink CVE-2024-45617

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-45617 x_refsource_REDHAT vdb-entry
RHBZ#2309286 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

libopensc

<0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>

Permalink CVE-2024-45619

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Libopensc: incorrect handling length of buffers or files in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-45619 x_refsource_REDHAT vdb-entry
RHBZ#2309288 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>

Permalink CVE-2024-45618

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-45618 x_refsource_REDHAT vdb-entry
RHBZ#2309287 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.opensc

pkgs.openscad

pkgs.openscap

pkgs.openscad-lsp

pkgs.openscenegraph

pkgs.openscad-unstable

pkgs.kakounePlugins.openscad-kak

pkgs.vscode-extensions.antyos.openscad

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.apache-airflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.apache-airflow

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs._389-ds-base

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.aardvark-dns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.opensc

pkgs.openscad

pkgs.openscap

pkgs.openscad-lsp

pkgs.openscenegraph

pkgs.openscad-unstable

pkgs.kakounePlugins.openscad-kak

pkgs.vscode-extensions.antyos.openscad

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.opensc

pkgs.openscad

pkgs.openscap

pkgs.openscad-lsp

pkgs.openscenegraph

pkgs.openscad-unstable

pkgs.kakounePlugins.openscad-kak

pkgs.vscode-extensions.antyos.openscad

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.opensc

pkgs.openscad

pkgs.openscap

pkgs.openscad-lsp

pkgs.openscenegraph

pkgs.openscad-unstable

pkgs.kakounePlugins.openscad-kak

pkgs.vscode-extensions.antyos.openscad

Package maintainers

References

Affected products

Matching in nixpkgs