Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

With package: haskellPackages.git-brunch

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-41579
3.3 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 2 weeks, 1 day ago Activity log
  • Created suggestion
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names and targets in an arbitrary pre-existing host directory. This issue is not exploitable under Docker, because Docker creates a top-level read-only layer that masks any malicious /dev symlink present in the container image — unlike some other Linux container tooling, whose higher-level runtimes built on runc remain exposed to exploitation via a malicious image. This issue has been fixed in versions 1.3.6, 1.4.3 and 1.5.0.

Affected products

runc
  • ==>= 1.5.0-rc.1, < 1.5.0-rc.3
  • ==< 1.3.6
  • ==>= 1.4.0-rc.1, < 1.4.3

Matching in nixpkgs

pkgs.runc

CLI tool for spawning and running containers according to the OCI specification

pkgs.crunch

Wordlist generator

  • nixos-unstable 3.6
    • nixpkgs-unstable 3.6
    • nixos-unstable-small 3.6
  • nixos-26.05 3.6
    • nixos-26.05-small 3.6
    • nixpkgs-26.05-darwin 3.6

pkgs.gnomeExtensions.runcat

The cat tells you the CPU usage by running speed

  • nixos-unstable 32
    • nixpkgs-unstable 32
    • nixos-unstable-small 32
  • nixos-26.05 32
    • nixos-26.05-small 32
    • nixpkgs-26.05-darwin 32

Package maintainers