CVE-2024-51481 — Protection Mechanism Failure in NIX
Severity
1.0 LOW (NVD)
EPSS
0.1%
top 76.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 31
Description
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import `) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS…
CVSS vector
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected Packages: 2 packages
Vendor Advisories
Debian (1)
CVE-2024-51481: nix - Nix is a package manager for Linux and other Unix systems. On macOS, built-in bu... (2024)