CVE-2024-36050 NIX vulnerability

4 documents, 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 66.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 18
Latest update: May 19

Description

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (1 package)

debian: debian/nix

🔴 Vulnerability Details (2)

GHSA
GHSA-2r8j-rf53-9g72: Nix through 2 (2024-05-19)
OSV
CVE-2024-36050: Nix through 2 (2024-05-18)

📋 Vendor Advisories (1)

Debian
CVE-2024-36050: nix - Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easie... (2024)