Nixpkgs security tracker
6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
References
Affected products
- =<126
Matching in nixpkgs
pkgs.polkit
Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes
pkgs.cmd-polkit
Easily create polkit authentication agents by using commands
pkgs.polkit_gnome
Dbus session bus service that is used to bring up authentication dialogs
pkgs.hyprpolkitagent
Polkit authentication agent written in QT/QML
pkgs.mate.mate-polkit
Integrates polkit authentication for MATE desktop
pkgs.pcscliteWithPolkit
Middleware to access a smart card using SCard API (PC/SC)
pkgs.libsForQt5.polkit-qt
Qt wrapper around PolKit
pkgs.deepin.dde-polkit-agent
PolicyKit agent for Deepin Desktop Environment
pkgs.kdePackages.polkit-qt-1
Qt wrapper around Polkit-1 client libraries
pkgs.plasma5Packages.polkit-qt
Qt wrapper around PolKit
pkgs.lomiri.lomiri-polkit-agent
Policy kit agent for the Lomiri desktop
pkgs.libsForQt5.polkit-kde-agent
None
pkgs.kdePackages.polkit-kde-agent-1
Daemon providing a Polkit authentication UI for Plasma
pkgs.pantheon.pantheon-agent-polkit
Polkit Agent for the Pantheon Desktop
pkgs.plasma5Packages.polkit-kde-agent
None
Package maintainers
-
@Daru-san Daru <zadarumaka@proton.me>
-
@wineee Lu Hongxu <lhongxu@outlook.com>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@fufexan Fufezan Mihai <fufexan@protonmail.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@johannesloetzsch Johannes Lötzsch <github@johannesloetzsch.de>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@davidak David Kleuker <post@davidak.de>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>