Nixpkgs security tracker

Untriaged

Permalink CVE-2026-35535

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks ago

In Sudo through 1.9.17p2 before 3e474c2, a failure of a …

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

References

Affected products

Sudo

<3e474c2f201484be83d994ae10a4e20e8c81bb69

Matching in nixpkgs

pkgs.sudo

Command to run commands as root

nixos-unstable 1.9.17p2
- nixpkgs-unstable 1.9.17p2
- nixos-unstable-small 1.9.17p2
nixos-25.11 1.9.17p2
- nixos-25.11-small 1.9.17p2
- nixpkgs-25.11-darwin 1.9.17p2

pkgs.qsudo

Graphical sudo utility from Project Trident

nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.13
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13
nixos-25.11 0.2.13
- nixos-25.11-small 0.2.13
- nixpkgs-25.11-darwin 0.2.13

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.sudo-font

Font for programmers and command line users

nixos-unstable 3.4
- nixpkgs-unstable 3.4
- nixos-unstable-small 3.4
nixos-25.11 3.4
- nixos-25.11-small 3.4
- nixpkgs-25.11-darwin 3.4

pkgs.darwin.sudo

None

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

nixos-unstable 49.4
- nixpkgs-unstable 49.4
- nixos-unstable-small 49.4
nixos-25.11 49.2
- nixos-25.11-small 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.lxqt.lxqt-sudo

GUI frontend for sudo/su

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.yaziPlugins.sudo

Call `sudo` in yazi

nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05

pkgs.libsForQt5.ksudoku

Suduko game

pkgs.kdePackages.ksudoku

KSudoku is a logic-based symbol placement puzzle

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3