Debian Nix vulnerabilities
8 known vulnerabilities affecting debian/nix.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4, LOW 4
Vulnerabilities
CVE-2026-39860 | MEDIUM | CVSS 6.3 | 2026
[MEDIUM] nix - Nix is a package manager for Linux and other Unix systems. A bug in the fix for ...
Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds
debian
CVE-2025-53819 | LOW | CVSS 7.9 | 2025
[HIGH] nix - Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30....
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2024-47174 | MEDIUM | CVSS 5.9 | fixed in nix 2.24.8+dfsg-1 (forky) | 2024
[MEDIUM] nix - Nix is a package manager for Linux and other Unix systems. Starting in version 1...
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `` is also known as the builtin derivation builder `builtin:fet
debian
CVE-2024-27297 | MEDIUM | CVSS 6.3 | fixed in guix 1.2.0-4+deb11u2 (bullseye) | 2024
[MEDIUM] guix - Nix is a package manager for Linux and other Unix systems. A fixed-output deriva...
Nix is a package manager for Linux and other Unix systems. Fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows modifying the output of the derivation after Nix has registered the path as "valid
debian
CVE-2024-36050 | MEDIUM | CVSS 4.3 | 2024
[MEDIUM] nix - Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easie...
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2024-38531 | LOW | CVSS 3.6 | fixed in nix 2.23.3+dfsg-1 (forky) | 2024
[LOW] nix - Nix is a package manager for Linux and other Unix systems that makes package man...
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This
debian
CVE-2024-45593 | LOW | CVSS 9.0 | 2024
[CRITICAL] nix - Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 pri...
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6.
Scop
debian
CVE-2024-51481 | LOW | CVSS 1.0 | 2024
[LOW] nix - Nix is a package manager for Linux and other Unix systems. On macOS, built-in bu...
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import `) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue i
debian