CVE-2024-45593

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45593
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45593.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45593
Aliases
  • GHSA-h4vv-h3jq-v493
Related
Published
2024-09-10T16:15:21Z
Modified
2025-01-16T02:11:53.767996Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.

References

Affected packages

Git / github.com/nixos/nix

Affected ranges

Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
eb11c1499876cd4c9c188cbda5b1003b36ce2e59

Affected versions

1.*

1.0
1.1
1.10
1.11
1.11.1
1.2
1.3
1.4
1.5
1.5.1
1.5.2
1.5.3
1.6
1.6.1
1.7
1.8
1.9

2.*

2.0
2.2
2.24.0
2.24.1
2.24.2
2.24.3
2.24.4
2.24.5