CNNVD-202602-1284 Information

CNNVD ID

CNNVD-202602-1284

CVE-2026-25740

  • CNNVD Published: 2026-02-09

Description (Chinese)

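Nixpkgs is an open-source collection of more than 100,000 software packages from NixOS, which can be installed using the Nix package manager. Nixpkgs 25.05 and earlier versions contain a security vulnerability: any system user can run arbitrary commands with the CAP_NET_RAW capability, which may lead to binding privileged ports or spoofing local traffic.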

Description (English)

Nixpkgs is NixOS's open-source collection of over 100,000 software packages, installable with the Nix package manager. Nixpkgs 25.05 and earlier versions contain a security vulnerability that stems from the fact that any system user can run an arbitrary command with the CAP_NET_RAW capability, which could lead to the binding of privileged ports or the spoofing of local traffic.

Vulnerability Type

Other

Affected Vendor

NixOS

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://github.com/NixOS/nixpkgs/pull/487775
  • https://github.com/NixOS/nixpkgs/pull/487779
  • https://github.com/NixOS/nixpkgs/security/advisories/GHSA-wc3r-c66x-8xmc

Patch

https://github.com/NixOS/nixpkgs
