Lucene search

K

[email protected]CVE-2024-36050

HistoryMay 18, 2024 - 10:15 p.m.

CVE-2024-36050

2024-05-1822:15:07

[email protected]

web.nvd.nist.gov

45

nix

vulnerability

hash cache

source code

attacker-controlled

pull request

7.3 High

AI Score

Confidence

Low

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

References

discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345

github.com/NixOS/nix/issues/969

github.com/NixOS/ofborg/issues/68#issuecomment-2082789441

7.3 High

AI Score

Confidence

Low

Related for CVE-2024-36050

ubuntucve1 cvelist1 debiancve1 osv1