Improper Check For Unusual Or Exceptional Conditions

2024-03-2016:46:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

nix

vulnerability

improper check

unix domain sockets

derivation

file descriptors

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Nix is vulnerable to a Improper Check for Unusual or Exceptional Conditions which can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation through Unix domain sockets in the abstract namespace. This allows the modification of the output of the derivation after Nix has registered the path as “valid” and immutable in the Nix database, enabling the output of fixed-output derivations to be altered from their expected content.

CPENameOperatorVersion
guix:edgeeq1.4.0-r1
guix:edgeeq1.4.0-r0
guix:edgeeq1.4.0-r2
guix:edgeeq1.4.0-r4
guix:3.19eq1.4.0-r4
nixeq2.3.4-r0
nixeq2.17.0-r0
nixeq2.3.16-r0
nixeq2.12.0-r0
nixeq2.3.4-r1

Name	Operator	Version
guix:edge	eq	1.4.0-r1
guix:edge	eq	1.4.0-r0
guix:edge	eq	1.4.0-r2
guix:edge	eq	1.4.0-r4
guix:3.19	eq	1.4.0-r4
nix	eq	2.3.4-r0
nix	eq	2.17.0-r0
nix	eq	2.3.16-r0
nix	eq	2.12.0-r0
nix	eq	2.3.4-r1