434 matches found
DEBIAN-CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
UBUNTU-CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174
CVE-2024-47174 affects Nix’s fetchurl/builtin:fetchurl in versions 1.11 through before 2.18.8 and 2.24.8, where TLS certificates were not verified on HTTPS, risking leakage of full URLs and credentials (e.g., from netrc) under MITM. TOFU-style hash misupdates could also be abused. Affected compon...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
PT-2024-32458 · Nix +3 · Nix +3
Name of the Vulnerable Software and Affected Versions: Nix versions 1.11 through 2.18.7 Nix versions 1.11 through 2.24.7 Description: The issue is related to the Nix package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify...
Nix 授权问题漏洞
Nix is a powerful package manager from the Nix open source. It is used for making packages. An authorization issue vulnerability exists in Nix from version 1.11 until version 2.24.8, which stems from the fact that nix/fetchurl.nix does not validate TLS certificates on HTTPS requests, resulting in...
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
...
CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
UBUNTU-CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45593 Nix affected by unsafe NAR unpacking
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45593 Nix affected by unsafe NAR unpacking
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45593
CVE-2024-45593 affects the Nix package manager. A bug in Nix 2.24 prior to 2.24.6 lets a substituter or malicious user craft a NAR that, when unpacked by Nix, writes to arbitrary filesystem locations accessible to the Nix process, with root privileges when using the Nix daemon. Multiple connected...
CVE-2024-45593 Nix affected by unsafe NAR unpacking
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-45845
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instead of this record. All references and descriptions in this record have been removed to prevent...
CVE-2024-45845
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instead of this record. All references and descriptions in this record have been removed to prevent...
PT-2024-9884
Name of the Vulnerable Software and Affected Versions: Nix versions 2.24 through 2.24.5 Nix version 2.24 prior to 2.24.6 Description: A bug in Nix allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the...