Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | nix | <= 2.8.0-1.1 | nix_2.8.0-1.1_all.deb |
Debian | 11 | all | nix | <= 2.3.7+dfsg1-1 | nix_2.3.7+dfsg1-1_all.deb |
Debian | 999 | all | nix | <= 2.22.1+dfsg-1 | nix_2.22.1+dfsg-1_all.deb |
Debian | 13 | all | nix | <= 2.22.1+dfsg-1 | nix_2.22.1+dfsg-1_all.deb |