Nixpkgs security tracker

Untriaged

Permalink CVE-2019-25602

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 4 weeks ago

GSearch 1.0.1.0 Denial of Service via Search Input

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.

References

ExploitDB-47026 exploit
Product Reference product
VulnCheck Advisory: GSearch 1.0.1.0 Denial of Service via Search Input third-party-advisory

Affected products

GSearch

==1.0.1.0

Matching in nixpkgs

pkgs.vdrPlugins.epgsearch

Searchtimer and replacement of the VDR program menu

nixos-unstable 2.4.5
- nixpkgs-unstable 2.4.5
- nixos-unstable-small 2.4.5
nixos-25.11 2.4.4
- nixos-25.11-small 2.4.4
- nixpkgs-25.11-darwin 2.4.4

pkgs.haskellPackages.stringsearch

Fast searching, splitting and replacing of ByteStrings

nixos-unstable 0.3.6.6
- nixpkgs-unstable 0.3.6.6
- nixos-unstable-small 0.3.6.6
nixos-25.11 0.3.6.6
- nixos-25.11-small 0.3.6.6
- nixpkgs-25.11-darwin 0.3.6.6

pkgs.haskellPackages.gogol-kgsearch

Google Knowledge Graph Search SDK

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

Package maintainers

@ck3d Christian Kögler <ck3d@gmx.de>