Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-15281
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
References
Affected products
glibc
- =<2.42
Matching in nixpkgs
pkgs.libc
GNU C Library
pkgs.glibc
GNU C Library
pkgs.getent
None
pkgs.locale
None
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
pkgs.getconf
None
pkgs.libiconv
None
pkgs.glibcInfo
GNU Info manual of the GNU C Library
pkgs.glibc_multi
None
pkgs.glibcLocales
Locale information for the GNU C Library
pkgs.glibc_memusage
GNU C Library
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
pkgs.unixtools.getent
None
pkgs.unixtools.locale
None
pkgs.unixtools.getconf
None
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
Package maintainers
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>