Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-4046
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
iconv crash due to assertion failure with untrusted input
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
References
Affected products
glibc
- *
Matching in nixpkgs
pkgs.libc
GNU C Library
pkgs.glibc
GNU C Library
pkgs.getent
None
pkgs.locale
None
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
pkgs.getconf
None
pkgs.libiconv
None
pkgs.glibcInfo
GNU Info manual of the GNU C Library
pkgs.glibc_multi
None
pkgs.glibcLocales
Locale information for the GNU C Library
pkgs.glibc_memusage
GNU C Library
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
pkgs.unixtools.getent
None
pkgs.unixtools.locale
None
pkgs.unixtools.getconf
None
pkgs.minimal-bootstrap.glibc
The GNU C Library
Package maintainers
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
-
@Artturin Artturi N <artturin@artturin.com>
-
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
-
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
-
@pyrox0 Pyrox <pyrox@pyrox.dev>
-
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
-
@emilytrau Emily Trau <emily+nix@downunderctf.com>