Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-0395
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
When the assert() function in the GNU C Library versions …
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
References
Affected products
glibc
- =<2.40
Matching in nixpkgs
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
pkgs.glibcInfo
GNU Info manual of the GNU C Library
pkgs.glibc_multi
None
pkgs.glibcLocales
Locale information for the GNU C Library
pkgs.glibc_memusage
GNU C Library
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
pkgs.unixtools.getent
None
pkgs.unixtools.locale
None
pkgs.unixtools.getconf
None
pkgs.minimal-bootstrap.glibc
The GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.42
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
-
nixos-25.11 -
Package maintainers
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
-
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
-
@Artturin Artturi N <artturin@artturin.com>
-
@emilytrau Emily Trau <emily+nix@downunderctf.com>
-
@pyrox0 Pyrox <pyrox@pyrox.dev>
-
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
-
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>