UBUNTU-CVE-2024-45593

Source
https://ubuntu.com/security/CVE-2024-45593
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45593.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-45593
Published
2024-09-10T16:15:00Z
Modified
2025-01-13T10:26:03Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. When the Nix daemon is used, these writes happen with root permissions. This issue is fixed in Nix 2.24.6.

Affected packages

Ubuntu:22.04:LTS / nix

Package

Name
nix
Purl
pkg:deb/ubuntu/nix@2.6.0+dfsg-3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.3.10+dfsg1-1
2.3.10+dfsg1-1build1
2.6.0+dfsg-2
2.6.0+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / nix

Package

Name
nix
Purl
pkg:deb/ubuntu/nix@2.18.1+dfsg-1ubuntu5?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.18.1+dfsg-1ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / nix

Package

Name
nix
Purl
pkg:deb/ubuntu/nix@2.18.1+dfsg-1ubuntu5?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.16.1+dfsg-3ubuntu1
2.18.1+dfsg-1ubuntu1
2.18.1+dfsg-1ubuntu2
2.18.1+dfsg-1ubuntu4
2.18.1+dfsg-1ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}