216.73.216.226

CVE-2026-44028

· Published 05/05/2026 01:16 · Modified 05/05/2026 19:47

Labels: CVE-2026-44028 2026-05-05CVE-2026-44028CWE-674[email protected]

Essential information

Published
05/05/2026 01:16
Modified
05/05/2026 19:47
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite memory on the heap and could allow arbitrary code execution as the Nix daemon (run as root in multi-user installations) if ASLR hardening is bypassed. This can be exploited by all users able to connect to the daemon (e.g., in Nix, this is configurable via the allowed-users setting, defaulting to all users). The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 for Nix (introduced in 2.24.4); and 2.95.2, 2.94.2, and 2.93.4 for Lix (introduced in 2.93.0).

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nixos / nix cpe:2.3:a:nixos:nix:<2.34.7:*:*:*:*:*:*:*
lix / lix cpe:2.3:a:lix:lix:<2.95.2:*:*:*:*:*:*:*

References