CVE-2024-38531 Nix sandbox escape

🗓️ 28 Jun 2024 13:18:58Reported by GitHub_MType

Nix sandbox escape CVE-2024-38531 fix in Nix package manage

Reporter	Title	Published	Views	Family All 21
AlpineLinux	CVE-2024-38531	28 Jun 202414:15	–	alpinelinux
CNNVD	Nix Security Vulnerabilities	28 Jun 202400:00	–	cnnvd
CVE	CVE-2024-38531	28 Jun 202413:18	–	cve
Debian CVE	CVE-2024-38531	28 Jun 202413:18	–	debiancve
EUVD	EUVD-2024-37395	3 Oct 202520:07	–	euvd
NVD	CVE-2024-38531	28 Jun 202414:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-7633-1)	16 Jul 202500:00	–	openvas
OSV	CVE-2024-38531 Nix sandbox escape	28 Jun 202413:18	–	osv
OSV	DEBIAN-CVE-2024-38531	28 Jun 202414:15	–	osv
OSV	UBUNTU-CVE-2024-38531	28 Jun 202414:15	–	osv

[
  {
    "vendor": "NixOS",
    "product": "nix",
    "versions": [
      {
        "version": ">= 2.23.0, < 2.23.1",
        "status": "affected"
      },
      {
        "version": ">= 2.22.0, < 2.22.2",
        "status": "affected"
      },
      {
        "version": ">= 2.21.0, < 2.21.3",
        "status": "affected"
      },
      {
        "version": ">= 2.20.0, < 2.20.7",
        "status": "affected"
      },
      {
        "version": ">= 2.19.0, < 2.19.5",
        "status": "affected"
      },
      {
        "version": ">= 2.18.0, < 2.18.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5
github	www.github.com/NixOS/nix/pull/10501

28 Jun 2024 13:18Current

CVSS 3.13.6

EPSS0.00143

CWE-278