Miggo Logo

CVE-2021-45707: Out-of-bounds Write in nix

6.7

CVSS Score
3.1

Basic Information

EPSS Score
0.6554%
Published
1/6/2022
Updated
2/21/2024
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
nixrust>= 0.21.0, < 0.21.20.21.2
nixrust>= 0.22.0, < 0.22.20.22.2
nixrust>= 0.16.0, < 0.20.20.20.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability directly references nix::unistd::getgrouplist in all advisory sources (CVE, GHSA, RustSec). The function's interaction with libc::getgrouplist is flawed because it fails to synchronize the ngroups parameter with the resized buffer capacity. This is explicitly described in the GitHub issue (#1541) and corroborated by all vulnerability descriptions. The function's behavior matches the CWE-787 out-of-bounds write pattern described.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

On **rt*in pl*t*orms, i* * us*r **s mor* t**n ** *roups, t** nix::unist*::**t*rouplist *un*tion will **ll t** li** **t*rouplist *un*tion wit* * l*n*t* p*r*m*t*r *r**t*r t**n t** siz* o* t** *u***r it provi**s, r*sultin* in *n out-o*-*oun*s writ* *n*

Reasoning

T** vuln*r**ility *ir**tly r***r*n**s `nix::unist*::**t*rouplist` in *ll **visory sour**s (*V*, **S*, RustS**). T** *un*tion's int*r**tion wit* `li**::**t*rouplist` is *l*w** ****us* it **ils to syn**roniz* t** n*roups p*r*m*t*r wit* t** r*siz** *u**