How severe is CVE-2024-27297?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-27297?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2024-27297 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2018-1121

MEDIUM

CVSS:5.9(Medium)

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use...

CWE-3672018

CVE-2019-18644

MEDIUM

CVSS:5.9(Medium)

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.

CWE-3672019

CVE-2019-20000

MEDIUM

CVSS:5.9(Medium)

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

CWE-3672019

CVE-2020-3808

MEDIUM

CVSS:5.9(Medium)

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

CWE-3672020

CVE-2020-8890

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of i...

CWE-3672020

CVE-2021-30342

MEDIUM

CVSS:5.9(Medium)

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snap...

CWE-3672021