CVE-2024-45593

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59	Patch
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*

History

15 Jan 2025, 14:29

Type	Values Removed	Values Added
CPE	cpe:2.3:o:nixos:nix::::::::	cpe:2.3:a:nixos:nix::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 9.0

20 Sep 2024, 19:57

Type	Values Removed	Values Added
First Time		Nixos nix Nixos
References	~~() https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 -~~	() https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 - Patch
References	~~() https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 -~~	() https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.0~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:o:nixos:nix::::::::

10 Sep 2024, 17:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 16:15

Updated : 2025-01-15 14:29

NVD link : CVE-2024-45593

Mitre link : CVE-2024-45593

CVE.ORG link : CVE-2024-45593

JSON object : View

Products Affected

nixos

nix

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-45593", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T16:15:21.760", "references": [{"url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6."}, {"lang": "es", "value": "Nix es un gestor de paquetes para Linux y otros sistemas Unix. Un error en Nix 2.24 anterior a 2.24.6 permite que un sustituto o un usuario malintencionado cree un NAR que, cuando Nix lo descomprime, hace que Nix escriba en ubicaciones arbitrarias del sistema de archivos a las que el proceso Nix tiene acceso. Esto se har\u00e1 con permisos de superusuario cuando se utilice el daemon Nix. Este problema se solucion\u00f3 en Nix 2.24.6."}], "lastModified": "2025-01-15T14:29:23.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29F960E4-D262-4A4B-A212-709CB43F1325", "versionEndExcluding": "2.24.6", "versionStartIncluding": "2.24.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}