Nixpkgs security tracker

Permalink CVE-2016-20038

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 weeks ago

yTree 1.94-1.1 Stack-Based Buffer Overflow

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

References

ExploitDB-39406 exploit
Official Product Homepage product
VulnCheck Advisory: yTree 1.94-1.1 Stack-Based Buffer Overflow third-party-advisory

Affected products

yTree

==1.94-1.1

Matching in nixpkgs

pkgs.ytree

Curses-based file manager similar to DOS Xtree(TM)

nixos-unstable 2.10
- nixpkgs-unstable 2.10
- nixos-unstable-small 2.10
nixos-25.11 2.10
- nixos-25.11-small 2.10
- nixpkgs-25.11-darwin 2.10

pkgs.cherrytree

Hierarchical note taking application

nixos-unstable 1.6.3
- nixpkgs-unstable 1.6.3
- nixos-unstable-small 1.6.3
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.haskellPackages.polytree

A polymorphic rose-tree

nixos-unstable 0.0.9
- nixpkgs-unstable 0.0.9
- nixos-unstable-small 0.0.9
nixos-25.11 0.0.9
- nixos-25.11-small 0.0.9
- nixpkgs-25.11-darwin 0.0.9

pkgs.python312Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python313Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0
nixos-25.11 2.13.0
- nixos-25.11-small 2.13.0
- nixpkgs-25.11-darwin 2.13.0

pkgs.python314Packages.anytree

Powerful and Lightweight Python Tree Data Structure

nixos-unstable 2.13.0
- nixpkgs-unstable 2.13.0
- nixos-unstable-small 2.13.0

pkgs.haskellPackages.TernaryTrees

Efficient pure ternary tree Sets and Maps

nixos-unstable 0.2.0.2
- nixpkgs-unstable 0.2.0.2
- nixos-unstable-small 0.2.0.2
nixos-25.11 0.2.0.2
- nixos-25.11-small 0.2.0.2
- nixpkgs-25.11-darwin 0.2.0.2

pkgs.python312Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python313Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python314Packages.textual-universal-directorytree

Textual plugin for a DirectoryTree compatible with remote filesystems

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0

Package maintainers

@figsoda figsoda <figsoda@pm.me>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.ytree

pkgs.cherrytree

pkgs.haskellPackages.polytree

pkgs.python312Packages.anytree

pkgs.python313Packages.anytree

pkgs.python314Packages.anytree

pkgs.haskellPackages.TernaryTrees

pkgs.python312Packages.textual-universal-directorytree

pkgs.python313Packages.textual-universal-directorytree

pkgs.python314Packages.textual-universal-directorytree

Package maintainers