Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-0861
8.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Integer overflow in memalign leads to heap corruption
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.
References
Affected products
glibc
- =<2.42
Matching in nixpkgs
pkgs.libc
GNU C Library
pkgs.glibc
GNU C Library
pkgs.getent
None
pkgs.locale
None
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
pkgs.getconf
None
pkgs.libiconv
None
pkgs.glibcInfo
GNU Info manual of the GNU C Library
pkgs.glibc_multi
None
pkgs.glibcLocales
Locale information for the GNU C Library
pkgs.glibc_memusage
GNU C Library
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
pkgs.unixtools.getent
None
pkgs.unixtools.locale
None
pkgs.unixtools.getconf
None
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
Package maintainers
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>