Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-2037

created 1 month, 3 weeks ago

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27935.

References

ZDI-26-074 x_research-advisory

Affected products

Archiver

==15.10

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

nixos-25.11 3.5.1
- nixos-25.11-small 3.5.1
- nixpkgs-25.11-darwin 3.5.1

pkgs.xarchiver

GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)

nixos-unstable 0.5.4.26
- nixpkgs-unstable 0.5.4.26
- nixos-unstable-small 0.5.4.26
nixos-25.11 0.5.4.26
- nixos-25.11-small 0.5.4.26
- nixpkgs-25.11-darwin 0.5.4.26

pkgs.fsarchiver

File system archiver for linux

nixos-unstable 0.8.9
- nixpkgs-unstable 0.8.9
- nixos-unstable-small 0.8.9
nixos-25.11 0.8.8
- nixos-25.11-small 0.8.8
- nixpkgs-25.11-darwin 0.8.8

pkgs.the-unarchiver

Unpacks archive files

nixos-unstable 4.3.9
- nixpkgs-unstable 4.3.9
- nixos-unstable-small 4.3.9
nixos-25.11 4.3.9
- nixos-25.11-small 4.3.9
- nixpkgs-25.11-darwin 4.3.9

pkgs.lxqt.lxqt-archiver

Archive tool for the LXQt desktop environment

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.CuboCore.corearchiver

Archiver from the C Suite to create and extract archives

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.11 5.0.0
- nixos-25.11-small 5.0.0
- nixpkgs-25.11-darwin 5.0.0

pkgs.wayback-machine-archiver

Python script to submit web pages to the Wayback Machine for archiving

nixos-unstable 1.9.1
- nixpkgs-unstable 1.9.1
- nixos-unstable-small 1.9.1
nixos-25.11 1.9.1
- nixos-25.11-small 1.9.1
- nixpkgs-25.11-darwin 1.9.1

pkgs.python312Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-25.11 1.5.2
- nixos-25.11-small 1.5.2
- nixpkgs-25.11-darwin 1.5.2

pkgs.python313Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-unstable 1.5.2
- nixpkgs-unstable 1.5.2
- nixos-unstable-small 1.5.2
nixos-25.11 1.5.2
- nixos-25.11-small 1.5.2
- nixpkgs-25.11-darwin 1.5.2

pkgs.python314Packages.nskeyedunarchiver

Unserializes plist data into a usable Python dict

nixos-unstable 1.5.2
- nixpkgs-unstable 1.5.2
- nixos-unstable-small 1.5.2

Package maintainers

@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@jchv John Chadwick <johnwchadwick@gmail.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@PapayaJackal PapayaJackal
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
@domenkozar Domen Kozar <domen@dev.si>