CVE-2024-27297

Published: Mar 11, 2024

Modified: Jun 27, 2025

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
NixOS	nix	affected `>= 2.3.0, < 2.3.18` affected `>= 2.4.0, < 2.18.2` affected `>= 2.19.0, < 2.19.4` affected `>= 2.20.0, < 2.20.5`

Weaknesses (CWE)

CWE-367

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

References

https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37

x_refsource_CONFIRM

https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000

x_refsource_MISC

https://hackmd.io/03UGerewRcy3db44JQoWvw

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-27297

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References