Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-27297

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-11 Mar, 2024 | 21:24
Updated At-27 Jun, 2025 | 12:16
Rejected At-
Credits

Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:11 Mar, 2024 | 21:24
Updated At:27 Jun, 2025 | 12:16
Rejected At:
▼CVE Numbering Authority (CNA)
Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Products
Vendor
NixOS
Product
nix
Versions
Affected
  • >= 2.3.0, < 2.3.18
  • >= 2.4.0, < 2.18.2
  • >= 2.19.0, < 2.19.4
  • >= 2.20.0, < 2.20.5
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
x_refsource_CONFIRM
https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
x_refsource_MISC
https://hackmd.io/03UGerewRcy3db44JQoWvw
x_refsource_MISC
Hyperlink: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
Resource:
x_refsource_MISC
Hyperlink: https://hackmd.io/03UGerewRcy3db44JQoWvw
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
N/A
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
x_refsource_CONFIRM
x_transferred
https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
x_refsource_MISC
x_transferred
https://hackmd.io/03UGerewRcy3db44JQoWvw
x_refsource_MISC
x_transferred
Hyperlink: https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
Resource: N/A
Hyperlink: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://hackmd.io/03UGerewRcy3db44JQoWvw
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:11 Mar, 2024 | 22:15
Updated At:27 Jun, 2025 | 13:15

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
nixos
nixos
>>nix>>Versions before 2.3.18(exclusive)
cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*
nixos
nixos
>>nix>>Versions from 2.4(inclusive) to 2.18.2(exclusive)
cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*
nixos
nixos
>>nix>>Versions from 2.19.0(inclusive) to 2.19.4(exclusive)
cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*
nixos
nixos
>>nix>>Versions from 2.20.0(inclusive) to 2.20.5(exclusive)
cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-367Secondarysecurity-advisories@github.com
CWE-367Primarynvd@nist.gov
CWE ID: CWE-367
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-367
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000security-advisories@github.com
Patch
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37security-advisories@github.com
Vendor Advisory
https://hackmd.io/03UGerewRcy3db44JQoWvwsecurity-advisories@github.com
Exploit
https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/af854a3a-2127-422b-91ae-364da2661108
N/A
https://hackmd.io/03UGerewRcy3db44JQoWvwaf854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://hackmd.io/03UGerewRcy3db44JQoWvw
Source: security-advisories@github.com
Resource:
Exploit
Hyperlink: https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hackmd.io/03UGerewRcy3db44JQoWvw
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-46415
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.2||LOW
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 00:00
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.

Action-Not Available
Vendor-NixOS
Product-Nix
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.38% / 58.75%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 23:41
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-49558
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.45%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:55
Updated-15 Aug, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-commerce_b2bcommercemagentoAdobe Commerce
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-3808
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.9||MEDIUM
EPSS-1.67% / 81.34%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:12
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudCreative Cloud Desktop Application
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-20000
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 04:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

Action-Not Available
Vendor-bullguardn/a
Product-premium_protectionn/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-18644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 49.83%
||
7 Day CHG~0.00%
Published-30 Oct, 2019 | 23:07
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.

Action-Not Available
Vendor-totaldefensen/a
Product-anti-virusn/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-15608
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.46%
||
7 Day CHG~0.00%
Published-15 Mar, 2020 | 17:08
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.

Action-Not Available
Vendor-yarnpkgn/a
Product-yarnyarn
CWE ID-CWE-840
Not Available
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
Details not found