Описание
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.16.0 (включая) до 0.20.2 (исключая)Версия от 0.21.0 (включая) до 0.21.2 (исключая)Версия от 0.22.0 (включая) до 0.22.2 (исключая)
Одно из
cpe:2.3:a:nix_project:nix:*:*:*:*:*:rust:*:*
cpe:2.3:a:nix_project:nix:*:*:*:*:*:rust:*:*
cpe:2.3:a:nix_project:nix:*:*:*:*:*:rust:*:*
EPSS
Процентиль: 64%
0.00466
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 4 лет назад
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
CVSS3: 9.8
debian
около 4 лет назад
An issue was discovered in the nix crate 0.16.0 and later before 0.20. ...
EPSS
Процентиль: 64%
0.00466
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787