Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: doas-sudo-shim

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-35535
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 weeks ago
In Sudo through 1.9.17p2 before 3e474c2, a failure of a …

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Affected products

Sudo
  • <3e474c2f201484be83d994ae10a4e20e8c81bb69

Matching in nixpkgs

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

pkgs.sudo-font

Font for programmers and command line users

  • nixos-unstable 3.4
    • nixpkgs-unstable 3.4
    • nixos-unstable-small 3.4
  • nixos-25.11 3.4
    • nixos-25.11-small 3.4
    • nixpkgs-25.11-darwin 3.4

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

  • nixos-unstable 49.4
    • nixpkgs-unstable 49.4
    • nixos-unstable-small 49.4
  • nixos-25.11 49.2
    • nixos-25.11-small 49.2
    • nixpkgs-25.11-darwin 49.2
Permalink CVE-2005-4890
created 2 months ago
There is a possible tty hijacking in shadow 4.x before …

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Affected products

sudo
  • ==1.x before 1.7.4
shadow
  • ==4.x before 4.1.5

Matching in nixpkgs

pkgs.su

Suite containing authentication-related tools such as passwd and su

pkgs.shadow

Suite containing authentication-related tools such as passwd and su

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

pkgs.shadowenv

reversible directory-local environment variable manipulations

pkgs.shadowfox

Universal dark theme for Firefox while adhering to the modern design principles set by Mozilla

pkgs.sudo-font

Font for programmers and command line users

  • nixos-unstable 3.4
    • nixpkgs-unstable 3.4
    • nixos-unstable-small 3.4
  • nixos-25.11 3.4
    • nixos-25.11-small 3.4
    • nixpkgs-25.11-darwin 3.4

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

  • nixos-unstable 49.4
    • nixpkgs-unstable 49.4
    • nixos-unstable-small 49.4
  • nixos-25.11 49.2
    • nixos-25.11-small 49.2
    • nixpkgs-25.11-darwin 49.2
Permalink CVE-2023-40550
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 10 months, 2 weeks ago
Shim: out-of-bound read in verify_buffer_sbat()

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

References

Affected products

shim
  • ==15.8-1.el7
  • *
  • ==15.8
shim-signed
  • *
shim-unsigned-x64
  • *
shim-unsigned-aarch64
  • *

Matching in nixpkgs

pkgs.yoshimi

High quality software synthesizer based on ZynAddSubFX

pkgs.libudev0-shim

Shim to preserve libudev.so.0 compatibility

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1

pkgs.plex-mpv-shim

Allows casting of videos to MPV via the Plex mobile and web app

pkgs.jellyfin-mpv-shim

Allows casting of videos to MPV via the jellyfin mobile and web app

Package maintainers

Permalink CVE-2023-40548
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 10 months, 2 weeks ago
Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

References

Affected products

shim
  • ==15.8
  • ==15.8-1.el7
  • *
shim-signed
  • *
shim-unsigned-x64
  • *
shim-unsigned-aarch64
  • *

Matching in nixpkgs

pkgs.yoshimi

High quality software synthesizer based on ZynAddSubFX

pkgs.libudev0-shim

Shim to preserve libudev.so.0 compatibility

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1

pkgs.plex-mpv-shim

Allows casting of videos to MPV via the Plex mobile and web app

pkgs.jellyfin-mpv-shim

Allows casting of videos to MPV via the jellyfin mobile and web app

Package maintainers