CVE-2021-45707 — Vulnetix

CVE-2021-45707 PUBLISHED CVSS 9.800000190734863 CRITICAL

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.

EPSS 0.47% · 64.7th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.47%

64.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
nix_project	nix	0.16.0, 0.21.0, 0.22.0
crates.io	nix	0.16.0, 0.21.0, 0.22.0

Timeline

Sep 27, 2021 CVE Published
Dec 27, 2021 EPSS Score
Feb 19, 2022 EPSS Score
Apr 14, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Jul 31, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Jan 9, 2023 EPSS Score
Mar 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 27, 2023 EPSS Score
Jun 20, 2023 EPSS Score

References

https://rustsec.org/advisories/RUSTSEC-2021-0119.html url
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/nix/RUSTSEC-2021-0119.md url
https://github.com/advisories/GHSA-wgrg-5h56-jg27 url
https://nvd.nist.gov/vuln/detail/CVE-2021-45707 advisory
https://github.com/nix-rust/nix/issues/1541 url
https://github.com/nix-rust/nix package

Open in Interactive Console →