Nixpkgs security tracker

Permalink CVE-2026-3257

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.

References

https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes release-notes
https://www.cve.org/CVERecord?id=CVE-2025-3791 relatedvendor-advisoryvdb-entry
https://unqlite.symisc.net/

Affected products

UnQLite

=<0.06

Matching in nixpkgs

pkgs.unqlite

Self-contained, serverless, zero-conf, transactional NoSQL DB library

nixos-unstable 1.1.9
- nixpkgs-unstable 1.1.9
- nixos-unstable-small 1.1.9
nixos-25.11 1.1.9
- nixos-25.11-small 1.1.9
- nixpkgs-25.11-darwin 1.1.9

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.unqlite