Nix Security Vulnerabilities and Issues — Nix CVE List

Lucene search

NixosNix

3 matches found

CVE•added 2024/03/11 10:15 p.m.•82 views

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the...

6.3CVSS6.1AI score0.00055EPSS

CVE•added 2019/10/09 10:15 p.m.•81 views

CVE-2019-17365

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.

7.8CVSS7.6AI score0.00049EPSS

CVE•added 2024/09/10 4:15 p.m.•54 views

CVE-2024-45593

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissio...

9CVSS8.7AI score0.00222EPSS