Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-0838

created 1 year, 1 month ago

Heap Buffer overflow in Abseil

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

References

Affected products

abseil-cpp

<5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

Matching in nixpkgs

pkgs.abseil-cpp_202103

Open-source collection of C++ code designed to augment the C++ standard library

nixos-unstable 20210324.2
- nixpkgs-unstable 20210324.2
- nixos-unstable-small 20210324.2

pkgs.abseil-cpp_202301

Open-source collection of C++ code designed to augment the C++ standard library

nixos-unstable 20230125.4
- nixpkgs-unstable 20230125.4
- nixos-unstable-small 20230125.4

pkgs.abseil-cpp_202401

Open-source collection of C++ code designed to augment the C++ standard library

nixos-unstable 20240116.2
- nixpkgs-unstable 20240116.2
- nixos-unstable-small 20240116.2

pkgs.abseil-cpp_202407

Open-source collection of C++ code designed to augment the C++ standard library

nixos-unstable 20240722.0
- nixpkgs-unstable 20240722.0
- nixos-unstable-small 20240722.0

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@andersk Anders Kaseorg <andersk@mit.edu>