Nixpkgs security tracker

Permalink CVE-2026-2903

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.

References

VDB-347210 | skvadrik re2c ast.cc check_and_merge_special_rules null pointer dereference vdb-entrytechnical-description
VDB-347210 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #755030 | skvadrik re2c 04f1424 NULL Pointer Dereference third-party-advisory
https://github.com/skvadrik/re2c/issues/571 issue-tracking
https://github.com/skvadrik/re2c/issues/571#issuecomment-3837675101 issue-tracking
https://github.com/oneafter/0202/blob/main/re/repro exploit
https://github.com/skvadrik/re2c/commit/febeb977936f9519a25d9fbd10ff8256358cdb97 patch
https://github.com/skvadrik/re2c/ product

Affected products

re2c

==4.0
==4.3
==4.4
==4.2
==4.1

Matching in nixpkgs

pkgs.re2c

Tool for writing very fast and very flexible scanners

nixos-unstable 4.4
- nixpkgs-unstable 4.4
- nixos-unstable-small 4.4
nixos-25.11 4.3.1
- nixos-25.11-small 4.3.1
- nixpkgs-25.11-darwin 4.3.1

pkgs.vimPlugins.nvim-treesitter-parsers.re2c

None

nixos-unstable re2c-0.0.0+rev=c18a3c2
- nixpkgs-unstable re2c-0.0.0+rev=c18a3c2
- nixos-unstable-small re2c-0.0.0+rev=c18a3c2
nixos-25.11 re2c
- nixos-25.11-small re2c
- nixpkgs-25.11-darwin re2c

Package maintainers

@thoughtpolice Austin Seipp <aseipp@pobox.com>