OpenCVE

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Nixos	Nix

Configuration 1 [-]

cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493

History

Tue, 10 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nixos Nixos nix
CPEs		cpe:2.3:o:nixos:nix::::::::
Vendors & Products		Nixos Nixos nix
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description		Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.
Title		Nix affected by unsafe NAR unpacking
Weaknesses		CWE-22
References		https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59 https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-10T15:51:07.881Z

Updated: 2024-09-10T16:06:16.016Z

Reserved: 2024-09-02T16:00:02.423Z

Link: CVE-2024-45593

Vulnrichment

Updated: 2024-09-10T16:06:07.150Z

NVD

Status : Analyzed

Published: 2024-09-10T16:15:21.760

Modified: 2024-09-20T19:57:55.573

Link: CVE-2024-45593

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45593", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-02T16:00:02.423Z", "datePublished": "2024-09-10T15:51:07.881Z", "dateUpdated": "2024-09-10T16:06:16.016Z"}, "containers": {"cna": {"title": "Nix affected by unsafe NAR unpacking", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493"}, {"name": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59", "tags": ["x_refsource_MISC"], "url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59"}], "affected": [{"vendor": "NixOS", "product": "nix", "versions": [{"version": ">= 2.24.0, < 2.24.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-10T15:51:07.881Z"}, "descriptions": [{"lang": "en", "value": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6."}], "source": {"advisory": "GHSA-h4vv-h3jq-v493", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "nixos", "product": "nix", "cpes": ["cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.24.0", "status": "affected", "lessThan": "2.24.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T16:03:03.600877Z", "id": "CVE-2024-45593", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T16:06:16.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T16:03:03.600877Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*"], "vendor": "nixos", "product": "nix", "versions": [{"status": "affected", "version": "2.24.0", "lessThan": "2.24.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T16:06:07.150Z"}}], "cna": {"title": "Nix affected by unsafe NAR unpacking", "source": {"advisory": "GHSA-h4vv-h3jq-v493", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "NixOS", "product": "nix", "versions": [{"status": "affected", "version": ">= 2.24.0, < 2.24.6"}]}], "references": [{"url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493", "name": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59", "name": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-10T15:51:07.881Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45593", "state": "PUBLISHED", "dateUpdated": "2024-09-10T16:06:16.016Z", "dateReserved": "2024-09-02T16:00:02.423Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-10T15:51:07.881Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*", "matchCriteriaId": "423F7CD7-8C2C-4133-947F-8F42F5F7CECD", "versionEndExcluding": "2.24.6", "versionStartIncluding": "2.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6."}, {"lang": "es", "value": "Nix es un gestor de paquetes para Linux y otros sistemas Unix. Un error en Nix 2.24 anterior a 2.24.6 permite que un sustituto o un usuario malintencionado cree un NAR que, cuando Nix lo descomprime, hace que Nix escriba en ubicaciones arbitrarias del sistema de archivos a las que el proceso Nix tiene acceso. Esto se har\u00e1 con permisos de superusuario cuando se utilice el daemon Nix. Este problema se solucion\u00f3 en Nix 2.24.6."}], "id": "CVE-2024-45593", "lastModified": "2024-09-20T19:57:55.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-10T16:15:21.760", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}