Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2024-11858
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 3 months ago
Radare2: command injection via pebble application files in radare2

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing​

References

Affected products

radare2
  • <5.9.9

Matching in nixpkgs

pkgs.radare2

UNIX-like reverse engineering framework and command-line toolset

Package maintainers

Permalink CVE-2024-9676
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 4 months ago
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

References

Affected products

cri-o
  • *
conmon
podman
  • *
skopeo
buildah
  • *
containers/storage
  • <1.55.1
container-tools:rhel8
  • *
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
  • *
jenkins-agent-base-rhel9-container
openshift4/ose-docker-builder-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.podman

Program for managing pods, containers and container images

pkgs.skopeo

Command line utility for various operations on container images and image repositories

pkgs.buildah

Tool which facilitates building OCI images

pkgs.conmon-rs

OCI container runtime monitor written in Rust

pkgs.podman-compose

Implementation of docker-compose with podman backend

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

Package maintainers

Permalink CVE-2024-9675
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 4 months ago
Buildah: buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

References

Affected products

cri-o
conmon
podman
  • *
skopeo
buildah
  • *
  • <1.38.0
buildah-container
container-tools:rhel8
  • *
quay/quay-builder-rhel8
ocp-tools-4/jenkins-rhel8
container-tools:rhel8/conmon
container-tools:rhel8/podman
container-tools:rhel8/skopeo
container-tools:rhel8/buildah
openshift4/ose-docker-builder
  • *
openshift4/ose-docker-builder-rhel9
  • *
ocp-tools-4/jenkins-agent-base-rhel8
openshift-enterprise-builder-container
  • *

Matching in nixpkgs

pkgs.cri-o

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.podman

Program for managing pods, containers and container images

pkgs.skopeo

Command line utility for various operations on container images and image repositories

pkgs.buildah

Tool which facilitates building OCI images

pkgs.conmon-rs

OCI container runtime monitor written in Rust

pkgs.podman-compose

Implementation of docker-compose with podman backend

pkgs.cri-o-unwrapped

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

Package maintainers

Permalink CVE-2024-9407
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 4 months ago
Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

References

Affected products

rhcos
  • *
podman
  • *
  • <1.5.0
  • <5.2.4
buildah
  • *
  • <1.37.4
  • <1.9.1
container-tools:rhel8
  • *
container-tools:rhel8/podman
container-tools:rhel8/buildah
openshift4/ose-docker-builder
openshift4/ose-docker-builder-rhel9

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

pkgs.buildah

Tool which facilitates building OCI images

pkgs.podman-compose

Implementation of docker-compose with podman backend

Package maintainers

Permalink CVE-2024-8775
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 4 months ago
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

References

Affected products

ansible
ansible-core
  • =<2.17.4
  • *
ee-29-container
  • *
ee-minimal-container
  • *
ansible-builder-container
  • *
discovery-server-container
rhelai1/bootc-nvidia-rhel9
discovery/discovery-ui-rhel9
  • *
discovery/discovery-server-rhel9
  • *
ansible-automation-platform/ee-29-rhel8
  • *
ansible-automation-platform/ee-minimal-rhel8
  • *
ansible-automation-platform/ee-minimal-rhel9
  • *
ansible-automation-platform/ansible-builder-rhel8
  • *
ansible-automation-platform/ansible-builder-rhel9
  • *

Matching in nixpkgs

Permalink CVE-2024-8445
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 4 months ago
389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

References

Affected products

389-ds-base
  • *
  • ==3.1.1
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

Package maintainers

Permalink CVE-2024-6519
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year, 4 months ago
Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

Affected products

qemu
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

Package maintainers

Permalink CVE-2024-25590
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 4 months ago
Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor

An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

Affected products

pdns-recursor
  • <5.1.2
  • <4.9.9
  • <5.0.9

Matching in nixpkgs

Package maintainers

Permalink CVE-2024-11407
created 1 year, 4 months ago
Denial of Service through Data corruption in gRPC-C++

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Affected products

grpc
  • =<1.66.1

Matching in nixpkgs

pkgs.grpc

C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)

pkgs.grpcui

Interactive web UI for gRPC, along the lines of postman

pkgs.grpcurl

Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers

pkgs.grpc_cli

Command line tool for interacting with grpc services

pkgs.grpc-tools

Distribution of protoc and the gRPC Node protoc plugin for ease of installation with npm

pkgs.grpc-gateway

A gRPC to JSON proxy generator plugin for Google Protocol Buffers

pkgs.protoc-gen-entgrpc

Generator of an implementation of the service interface for ent protobuff

Permalink CVE-2024-10041
4.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 4 months ago
Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

References

Affected products

pam
  • <1.6.0
  • *

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

pkgs.dspam

Community Driven Antispam Filter

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable 1.6
    • nixpkgs-unstable 1.6
    • nixos-unstable-small 1.6

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable 1.6
    • nixpkgs-unstable 1.6
    • nixos-unstable-small 1.6

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_ldap

LDAP backend for PAM

  • nixos-unstable 186
    • nixpkgs-unstable 186
    • nixos-unstable-small 186

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

pkgs.opam2json

convert opam file syntax to JSON

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable 2.20
    • nixpkgs-unstable 2.20
    • nixos-unstable-small 2.20

pkgs.pamtester

Utility program to test the PAM facility

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable 10
    • nixpkgs-unstable 10
    • nixos-unstable-small 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable 0.09
    • nixpkgs-unstable 0.09
    • nixos-unstable-small 0.09

pkgs.apparmor-pam

Mandatory access control system - PAM service

pkgs.opam-publish

Tool to ease contributions to opam repositories

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable 1.9
    • nixpkgs-unstable 1.9
    • nixos-unstable-small 1.9

Package maintainers