VDB
CVE-2024-45593
CVE-2024-45593
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.
EPSS 0.45% · 64.0th percentile
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.45%
64.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nixos | nix | 2.24.0 |
| NixOS | nix | >= 2.24.0, < 2.24.6 |
| nixos | nix | 2.24.0 |
Exploit Intelligence
- https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 (circl)
- https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 (circl)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
- archive.cc (github-poc)
…and 10 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Sep 10, 2024 CVE Published
- Sep 10, 2024 CVE Updated
- Sep 11, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 9, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 20, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 29, 2025 EPSS Score