Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: trgui-ng-web

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2018-25258

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 days, 2 hours ago

RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.

References

ExploitDB-46107 exploit
Official Product Homepage product
Product Reference product
VulnCheck Advisory: RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass third-party-advisory

Affected products

RGui

==3.5.0

Matching in nixpkgs

pkgs.trgui-ng

Remote GUI for Transmission torrent daemon

nixos-unstable 1.5.1
- nixpkgs-unstable 1.5.1
- nixos-unstable-small 1.5.1
nixos-25.11 1.4.0-unstable-2025-05-18
- nixos-25.11-small 1.4.0-unstable-2025-05-18
- nixpkgs-25.11-darwin 1.4.0-unstable-2025-05-18

pkgs.trgui-ng-web

Web UI for Transmission torrent daemon

nixos-unstable 1.5.1
- nixpkgs-unstable 1.5.1
- nixos-unstable-small 1.5.1
nixos-25.11 1.4.0-unstable-2025-05-18
- nixos-25.11-small 1.4.0-unstable-2025-05-18
- nixpkgs-25.11-darwin 1.4.0-unstable-2025-05-18

Package maintainers

@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>

1