Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-4750

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): HIGH

created 3 weeks, 4 days ago

Out-of-bounds Read in fabiangreffrath woof

Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.

References

https://github.com/fabiangreffrath/woof/pull/2521 patch

Affected products

woof

<woof_15.3.0

Matching in nixpkgs

pkgs.woof

Web Offer One File - Command-line utility to easily exchange files over a local network

pkgs.woof-doom

Woof! is a continuation of the Boom/MBF bloodline of Doom source ports

nixos-unstable 15.3.0
- nixpkgs-unstable 15.3.0
- nixos-unstable-small 15.3.0
nixos-25.11 15.3.0
- nixos-25.11-small 15.3.0
- nixpkgs-25.11-darwin 15.3.0

Package maintainers

@matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
@keenanweaver Keenan Weaver <keenanweaver@protonmail.com>