Nixpkgs security tracker

Untriaged

Permalink CVE-2026-1990

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

oatpp Type.hpp ObjectWrapper null pointer dereference

A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-344508 | oatpp Type.hpp ObjectWrapper null pointer dereference vdb-entrytechnical-description
VDB-344508 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #743387 | oatpp 1.3.1 and master-branch NULL Pointer Dereference third-party-advisory
https://github.com/oatpp/oatpp/issues/1080 issue-tracking
https://github.com/oatpp/oatpp/issues/1080#issue-3806715350 exploitissue-tracking
https://github.com/oatpp/oatpp/ product

Affected products

oatpp

==1.3.1
==1.3.0

Matching in nixpkgs

pkgs.oatpp

Light and powerful C++ web framework for highly scalable and resource-efficient web applications

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixpkgs-25.11-darwin 1.3.1

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.oatpp