CVE-2021-45707 — Out-of-bounds Write in Rust-nix

CWE-787 — Out-of-bounds Write8 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 35.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NIX Project NIX Nixos NIX Debian Rust-nix +4 more

Timeline

PublishedDec 27

Latest updateJun 17

Description

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/rust-nix< rust-nix 0.23.0-1 (bookworm)

▶crates.ionixos/nix0.16.0 — 0.20.2+5

▶NVDnix_project/nix0.16.0 — 0.20.2+2

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

🔴Vulnerability Details

OSV

Out-of-bounds write in nix::unistd::getgrouplist↗2022-06-17

▶

OSV

Out-of-bounds Write in nix↗2022-01-06

▶

GHSA

Out-of-bounds Write in nix↗2022-01-06

▶

OSV

CVE-2021-45707: An issue was discovered in the nix crate 0↗2021-12-27

▶

OSV

Out-of-bounds write in nix::unistd::getgrouplist↗2021-09-27

▶

📋Vendor Advisories

Microsoft

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more tha↗2021-12-14

▶

Debian

CVE-2021-45707: rust-nix - An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x ...↗2021

▶