


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow w…
Published: 4 May 2026 at 22:00:00
Alert date: 5 May 2026 at 02:00:47
Source: nvd.nist.gov
Operating Systems, Supply Chain & Dependencies
A critical vulnerability was discovered in Nix before version 2.34.7 and Lix before 2.95.2: unbounded recursion in the NAR (Nix Archive) parser. When the parser runs on a coroutine stack that has no guard pages, a sufficiently deep archive exhausts the stack and the overflow overwrites adjacent heap memory instead of faulting (a stack-to-heap overflow). If ASLR hardening is bypassed, this can potentially be turned into arbitrary code execution as the Nix daemon, which runs as root in multi-user installations. The vulnerability is reachable by any user allowed to connect to the daemon, which by default is all users in Nix installations. Fixed versions include multiple releases across both Nix and Lix distributions.
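The defensive pattern the advisory implies is a recursion-depth guard enforced by the parser itself, so that archive nesting is bounded by a constant rather than by how much stack happens to be available. The following is an added example, not Nix's or Lix's own parser: a simplified recursive-descent parser for a NAR-shaped token stream (tokens are plain Python strings here; the real NAR encoding uses 8-byte length-prefixed, padded strings), with a depth check before every recursive call. The `Node`, `BoundedNarParser` and `nested_directory_tokens` names and the `max_depth` default are this example's own assumptions.

```python
"""Bounded-depth parser for a simplified, NAR-shaped token stream.

Constructed example. Tokens are plain strings; only the nesting structure
(directory -> entry -> node -> directory ...) matters for the depth guard.
"""
from dataclasses import dataclass, field


class NarFormatError(ValueError):
    """Malformed archive."""


class NarDepthError(NarFormatError):
    """Directory nesting exceeds the configured limit (rejected, not recursed)."""


@dataclass
class Node:
    kind: str                      # "regular", "symlink" or "directory"
    contents: str = ""
    executable: bool = False
    target: str = ""
    entries: dict = field(default_factory=dict)


class BoundedNarParser:
    def __init__(self, tokens, max_depth=64):
        self.tokens = list(tokens)
        self.pos = 0
        self.max_depth = max_depth   # assumed limit; pick what your tree depth needs
        self.peak_depth = 0          # deepest level actually visited (for inspection)

    def _next(self):
        if self.pos >= len(self.tokens):
            raise NarFormatError("unexpected end of archive")
        tok = self.tokens[self.pos]
        self.pos += 1
        return tok

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _expect(self, want):
        got = self._next()
        if got != want:
            raise NarFormatError(f"expected {want!r}, got {got!r}")

    def parse(self):
        self._expect("nix-archive-1")
        root = self._parse_node(depth=0)
        if self.pos != len(self.tokens):
            raise NarFormatError("trailing data after archive")
        return root

    def _parse_node(self, depth):
        # The guard: checked before any work at this level, so attacker-controlled
        # nesting can never push the parser past max_depth stack frames.
        if depth > self.max_depth:
            raise NarDepthError(f"nesting depth {depth} exceeds limit {self.max_depth}")
        self.peak_depth = max(self.peak_depth, depth)
        self._expect("(")
        self._expect("type")
        kind = self._next()
        if kind == "regular":
            node = Node(kind)
            tok = self._next()
            if tok == "executable":          # optional flag precedes "contents"
                self._expect("")
                node.executable = True
                tok = self._next()
            if tok != "contents":
                raise NarFormatError(f"expected 'contents', got {tok!r}")
            node.contents = self._next()
        elif kind == "symlink":
            self._expect("target")
            node = Node(kind, target=self._next())
        elif kind == "directory":
            node = Node(kind)
            while self._peek() != ")":        # zero or more entries, then ")"
                self._expect("entry")
                self._expect("(")
                self._expect("name")
                name = self._next()
                if name in ("", ".", "..") or "/" in name or name in node.entries:
                    raise NarFormatError(f"invalid or duplicate entry name {name!r}")
                self._expect("node")
                node.entries[name] = self._parse_node(depth + 1)   # the only recursion
                self._expect(")")
        else:
            raise NarFormatError(f"unknown node type {kind!r}")
        self._expect(")")
        return node


def parse_tokens(tokens, max_depth=64):
    return BoundedNarParser(tokens, max_depth).parse()


def nested_directory_tokens(depth):
    """Construct an archive that is a single chain of `depth` nested directories
    ending in an empty regular file (the shape that drives recursion deepest)."""
    toks = ["nix-archive-1"]
    for _ in range(depth):
        toks += ["(", "type", "directory", "entry", "(", "name", "d", "node"]
    toks += ["(", "type", "regular", "contents", "", ")"]
    toks += [")", ")"] * depth
    return toks


# Constructed sample: a directory with an executable file and a symlink to it.
SAMPLE_TOKENS = [
    "nix-archive-1",
    "(", "type", "directory",
    "entry", "(", "name", "bin", "node",
    "(", "type", "directory",
    "entry", "(", "name", "hello", "node",
    "(", "type", "regular", "executable", "", "contents", "#!/bin/sh\necho hello\n", ")",
    ")", ")", ")",
    "entry", "(", "name", "link", "node",
    "(", "type", "symlink", "target", "bin/hello", ")",
    ")", ")",
]
```

A 5000-level archive is rejected with `NarDepthError` at level 65 rather than consuming 5000 stack frames; the point of the check is that the limit is decided by the parser, not by the size of whatever stack it happens to be running on.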
Technical details:
Mitigation steps:
Affected products:
Nix
Lix
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44028
https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368
https://www.openwall.com/lists/oss-security/2026/05/04/32
https://www.openwall.com/lists/oss-security/2026/05/04/33
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
