Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nix Corruption of fixed-output derivations
Vulnerability Description
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Nix 安全漏洞
Vulnerability Description
Nix是Nix开源的一个强大的包管理器。用于制作包。 Nix 2.20.3及之前版本存在安全漏洞,该漏洞源于Linux 上的固定输出派生可以通过抽象命名空间中的 Unix 域套接字将 Nix 存储中的文件描述符发送到主机上运行的另一个程序,允许对预期内容进行修改。
CVSS Information
N/A
Vulnerability Type
N/A