Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: aws-c-event-stream

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-5190

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks, 4 days ago

AWS C Event Stream Streaming Decoder Stack Buffer Overflow

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, users should upgrade to version 0.6.0 or later.

References

https://aws.amazon.com/security/security-bulletins/2026-011-aws/ vendor-advisory
https://github.com/awslabs/aws-c-event-stream/security/advisories/GHSA-xvjw-fjq… third-party-advisory
https://github.com/awslabs/aws-c-event-stream/releases/tag/v0.6.0 patch

Affected products

aws-c-event-stream

==0.6.0

Matching in nixpkgs

pkgs.aws-c-event-stream

C99 implementation of the vnd.amazon.eventstream content-type

nixos-unstable 0.5.7
- nixpkgs-unstable 0.5.7
- nixos-unstable-small 0.5.7
nixos-25.11 0.5.7
- nixos-25.11-small 0.5.7
- nixpkgs-25.11-darwin 0.5.7

Package maintainers

@orivej Orivej Desh <orivej@gmx.fr>

1