Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: cpcfs

Found 5 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-5476
4.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 weeks ago
NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Untriaged
Permalink CVE-2026-5475
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 weeks ago
NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Untriaged
Permalink CVE-2026-5474
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 weeks ago
NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Untriaged
Permalink CVE-2026-5473
4.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 weeks ago
NASA cFS Pickle pickle.load deserialization

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

cFS
  • ==7.0

Matching in nixpkgs

pkgs.cfssl

Cloudflare's PKI and TLS toolkit

pkgs.encfs

Encrypted filesystem in user-space via FUSE

pkgs.lxcfs

FUSE filesystem for LXC

pkgs.gencfsm

EncFS manager and mounter with GNOME3 integration

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9
  • nixos-25.11 1.9
    • nixos-25.11-small 1.9
    • nixpkgs-25.11-darwin 1.9
Untriaged
Permalink CVE-2026-1739
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 2 weeks ago
Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

Affected products

pcf
  • ==1.4.1
  • ==1.4.0

Matching in nixpkgs

pkgs.bdftopcf

Converts X font from Bitmap Distribution Format to Portable Compiled Format

pkgs.xorg.bdftopcf

Converts X font from Bitmap Distribution Format to Portable Compiled Format

Package maintainers