Vulnerability Details CVE-2021-45707
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/advisories/GHSA-wgrg-5h56-jg27
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/nix/RUSTSEC-2021-0119.md
- https://rustsec.org/advisories/RUSTSEC-2021-0119.html
- https://github.com/advisories/GHSA-wgrg-5h56-jg27
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/nix/RUSTSEC-2021-0119.md
- https://rustsec.org/advisories/RUSTSEC-2021-0119.html
Products affected by CVE-2021-45707
-
cpe:2.3:a:nix_project:nix:0.16.0
-
cpe:2.3:a:nix_project:nix:0.16.1
-
cpe:2.3:a:nix_project:nix:0.17.0
-
cpe:2.3:a:nix_project:nix:0.18.0
-
cpe:2.3:a:nix_project:nix:0.19.0
-
cpe:2.3:a:nix_project:nix:0.19.1
-
cpe:2.3:a:nix_project:nix:0.20.0
-
cpe:2.3:a:nix_project:nix:0.20.1
-
cpe:2.3:a:nix_project:nix:0.21.0
-
cpe:2.3:a:nix_project:nix:0.21.1
-
cpe:2.3:a:nix_project:nix:0.22.0
-
cpe:2.3:a:nix_project:nix:0.22.1