CVE-2024-27297

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27297
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27297.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27297
Aliases
  • GHSA-2ffj-w4mj-pg37
Downstream
Published
2024-03-11T21:24:43.919Z
Modified
2025-11-15T18:41:46.237098Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVSS Calculator
Summary
Nix Corruption of fixed-output derivations
Details

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-367"
    ]
}
References

Affected packages

Git / github.com/nixos/nix

Affected ranges

Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
5b99c823ef95ba5c642ae105815d5acd4f093aa3
Fixed
7794354a982449927ee7401cdeb573ddd16c4688
Database specific 
{
    "versions": [
        {
            "introduced": "2.19.0"
        },
        {
            "fixed": "2.19.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
16e1ff3bcb5e785cce6bff8d0745e2a73fbd99de
Fixed
f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
Database specific 
{
    "versions": [
        {
            "introduced": "2.20.0"
        },
        {
            "fixed": "2.20.5"
        }
    ]
}

Affected versions

2.*

2.19.0
2.19.1
2.19.2
2.19.3
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "270061119441510868013995832962372203947",
            "length": 12960.0
        },
        "deprecated": false,
        "source": "https://github.com/nixos/nix/commit/7794354a982449927ee7401cdeb573ddd16c4688",
        "target": {
            "file": "src/libstore/build/local-derivation-goal.cc",
            "function": "LocalDerivationGoal::registerOutputs"
        },
        "id": "CVE-2024-27297-76be4ba9",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "digest": {
            "line_hashes": [
                "311689788603820754096509356018530923320",
                "327669024368100280169113292673870505479",
                "116115854176604908085259309279310505164",
                "171428544167327314622826216747362343504",
                "166040523171230239687845801909294165741"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "source": "https://github.com/nixos/nix/commit/7794354a982449927ee7401cdeb573ddd16c4688",
        "target": {
            "file": "src/libstore/build/local-derivation-goal.cc"
        },
        "id": "CVE-2024-27297-e9679594",
        "signature_type": "Line",
        "signature_version": "v1"
    }
]