
Edef1C

#20165 of 53,624
12.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-36940
7.5
2026-05-05
Nix · Nix · CVE-2026-44028
**Name of the Vulnerable Software and Affected Versions**

Nix versions 2.24.4 through 2.34.6

Lix versions 2.93.0 through 2.95.1

**Description**

Unbounded recursion in the NAR (Nix Archive) parser can lead to a stack-to-heap overflow when the parser operates on a coroutine stack. Because the stack is allocated without a guard page, a stack overflow may overwrite heap memory, potentially allowing arbitrary code execution as the Nix daemon, which runs as root in multi-user installations, provided ASLR (Address Space Layout Randomization) hardening is bypassed. This issue can be exploited by any user capable of connecting to the daemon, such as those permitted via the `allowed-users` setting.

**Recommendations**

Update Nix to versions 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, or 2.28.7.

Update Lix to versions 2.95.2, 2.94.2, or 2.93.4.
PT-2026-36941
5.3
2026-05-05
Nix · Nix · CVE-2026-44029
**Name of the Vulnerable Software and Affected Versions**

Nix versions 2.24.7 through 2.34.6

**Description**

A directory traversal issue allows writing to arbitrary files when using the `nix-prefetch-url --unpack` or `nix store prefetch-file --unpack` commands.

**Recommendations**

Update to version 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, or 2.28.7.