Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-36050HistoryMay 18, 2024 - 10:15 p.m.
CVE-2024-36050
2024-05-1822:15:07
Debian Security Bug Tracker
security-tracker.debian.org
1
nix
2.22.1
hash cache
vulnerability
source code
pull request
attacker-controlled code
unix
7.2 High
AI Score
Confidence
Low
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nix | <= 2.8.0-1.1 | nix_2.8.0-1.1_all.deb |
| Debian | 11 | all | nix | <= 2.3.7+dfsg1-1 | nix_2.3.7+dfsg1-1_all.deb |
| Debian | 999 | all | nix | <= 2.22.1+dfsg-1 | nix_2.22.1+dfsg-1_all.deb |
| Debian | 13 | all | nix | <= 2.22.1+dfsg-1 | nix_2.22.1+dfsg-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2024-36050
2024-05-18 00:00:00
osv
osv
CVE-2024-36050
2024-05-18 22:15:07
vulnrichment
vulnrichment
CVE-2024-36050
1976-01-01 00:00:00
cvelist
cvelist
CVE-2024-36050
1976-01-01 00:00:00
cve
cve
CVE-2024-36050
2024-05-18 22:15:07
nvd
nvd
CVE-2024-36050
2024-05-18 22:15:07