CVE-2021-45707: Out-of-bounds Write in nix
6.7
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.6554%
CWE
Published
1/6/2022
Updated
2/21/2024
KEV Status
No
Technology
Rust
Technical Details
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nix | rust | >= 0.21.0, < 0.21.2 | 0.21.2 |
nix | rust | >= 0.22.0, < 0.22.2 | 0.22.2 |
nix | rust | >= 0.16.0, < 0.20.2 | 0.20.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability directly references nix::unistd::getgrouplist
in all advisory sources (CVE, GHSA, RustSec). The function's interaction with libc::getgrouplist
is flawed because it fails to synchronize the ngroups parameter with the resized buffer capacity. This is explicitly described in the GitHub issue (#1541) and corroborated by all vulnerability descriptions. The function's behavior matches the CWE-787 out-of-bounds write pattern described.