Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2025-4373
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 11 months, 1 week ago
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

References

Affected products

glib
  • <2.84.2
bootc
glib2
  • *
loupe
librsvg2
mingw-glib2
glycin-loaders
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

Package maintainers