CVE-2024-33904
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-33904
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33904.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-33904
- Published
- 2024-04-29T06:15:17.320Z
- Modified
- 2025-11-20T12:26:40.962667Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file.
- References
Affected packages
Git / github.com/hyprwm/hyprland
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hyprwm/hyprland
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0-beta
v0.*
v0.1.0beta
v0.1.1beta
v0.1.2beta
v0.1.3abeta
v0.1.3beta
v0.1.4beta
v0.10.0beta
v0.10.1beta
v0.10.2beta
v0.10.3beta
v0.11.0beta
v0.11.1beta
v0.12.0beta
v0.12.1beta
v0.13.0beta
v0.13.1beta
v0.14.0beta
v0.15.0beta
v0.15.1beta
v0.15.2beta
v0.15.3beta
v0.16.0beta
v0.17.0beta
v0.18.0beta
v0.19.0beta
v0.19.1beta
v0.19.2beta
v0.2.0beta
v0.2.1beta
v0.2.2beta
v0.20.0beta
v0.20.1beta
v0.21.0beta
v0.22.0beta
v0.23.0beta
v0.24.0
v0.24.1
v0.25.0
v0.26.0
v0.27.0
v0.27.1
v0.27.2
v0.28.0
v0.29.0
v0.29.1
v0.3.0beta
v0.30.0
v0.31.0
v0.32.0
v0.32.1
v0.32.2
v0.32.3
v0.33.0
v0.33.1
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.37.1
v0.38.0
v0.39.0
v0.39.1
v0.4.0beta
v0.5.0beta
v0.6.0beta
v0.6.1beta
v0.6.2beta
v0.6.3beta
v0.7.0beta
v0.7.1beta
v0.8.0beta
v0.8.1beta
v0.9.0beta
v0.9.1beta
Database specific
vanir_signatures
[
{
"digest": {
"length": 2897.0,
"function_hash": "309678739146240935187567247894161637280"
},
"id": "CVE-2024-33904-2302e756",
"source": "https://github.com/hyprwm/hyprland/commit/28c85619243e6320e75d7abcfe8244fa99d054dd",
"signature_type": "Function",
"target": {
"file": "src/plugins/HookSystem.cpp",
"function": "CFunctionHook::fixInstructionProbeRIPCalls"
},
"signature_version": "v1",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"190217801654639372551066546308466559004",
"143927636723952870390353445975106202205",
"309147059020229190787273906206876839466",
"56880301859521836524328413537888291278",
"322054510741183591041222930316012165702",
"15630290996200255173565662496382969632",
"263552150542985046474192302823398995190",
"124678730255584489758454822691010318213",
"283639004014934562809532251702509615685",
"234311607111309215750334651559154016608",
"197135174618077904733432604144080782367",
"79259529065444900571959498538507963990",
"16567161617474067914485079323218345666",
"170593537079176871333703467020951648239",
"269735363975842587576984820153003525369",
"203276905363280741261612931962966469032",
"42672334325491084978606627653475856851",
"196282065083644584721864774787568815652",
"195567685390520461819888527226966883018",
"81322222678139629145791711123046477219",
"275755797967795746294518147062100390944",
"237775725182113644394304516306408919473",
"187731648000091946946200387280805729783"
]
},
"id": "CVE-2024-33904-fa259af4",
"source": "https://github.com/hyprwm/hyprland/commit/28c85619243e6320e75d7abcfe8244fa99d054dd",
"signature_type": "Line",
"target": {
"file": "src/plugins/HookSystem.cpp"
},
"signature_version": "v1",
"deprecated": false
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33904.json"