4 matches found
CVE-2026-44028
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...
CVE-2026-44028
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...
CVE-2026-44028
CVE-2026-44028 affects Nix and Lix: unbounded recursion in the NAR (Nix Archive) parser can cause a stack-to-heap overflow when parsing on a coroutine stack. The stack lacks a guard page, enabling a stack overflow to overwrite heap memory and potentially execute arbitrary code as the Nix daemon (...
nix: coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser
A flaw was found in Nix. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite memory on the heap and could allow arbitrar...