CVE-2021-45707

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-45707
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45707.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45707
Aliases
Downstream
Related
Published
2021-12-27T00:15:09.940Z
Modified
2026-03-13T22:01:23.258559Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.

References

Affected packages

Git / github.com/nix-rust/nix

Affected ranges

Type
GIT
Repo
https://github.com/nix-rust/nix
Events
Introduced
aaa4595b2b71745da8e2e7d2958687fae93fad13
Fixed
72d805a3eb307dbd4982d35a00c8e971977da25d
Introduced
db2af196c9c279f8bb4856c5eff1e2b658fcf2ff
Fixed
fee8904546f1422add14824394efa7f389c51693
Introduced
5dd14c39b88fb6eb25ad670435d1a79ba294b21e
Fixed
124ed60877c52cb38ad5533815720a278e50876f
Database specific 
{
    "versions": [
        {
            "introduced": "0.16.0"
        },
        {
            "fixed": "0.20.2"
        },
        {
            "introduced": "0.21.0"
        },
        {
            "fixed": "0.21.2"
        },
        {
            "introduced": "0.22.0"
        },
        {
            "fixed": "0.22.2"
        }
    ]
}

Affected versions

v0.*
v0.16.0
v0.16.1
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.22.0
v0.22.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45707.json"