CVE-2024-33904

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33904

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33904.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33904

Published

2024-04-29T06:15:17Z

Modified

2025-01-15T05:13:44.168550Z

Summary

[none]

Details

In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file.

References

Affected packages

Git / github.com/hyprwm/hyprland

Affected ranges

Type: GIT
Repo: https://github.com/hyprwm/hyprland
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

28c85619243e6320e75d7abcfe8244fa99d054dd

Fixed

28c85619243e6320e75d7abcfe8244fa99d054dd

Affected versions

0.*

0.1.0-beta

v0.*

v0.1.0beta

v0.1.1beta

v0.1.2beta

v0.1.3abeta

v0.1.3beta

v0.1.4beta

v0.10.0beta

v0.10.1beta

v0.10.2beta

v0.10.3beta

v0.11.0beta

v0.11.1beta

v0.12.0beta

v0.12.1beta

v0.13.0beta

v0.13.1beta

v0.14.0beta

v0.15.0beta

v0.15.1beta

v0.15.2beta

v0.15.3beta

v0.16.0beta

v0.17.0beta

v0.18.0beta

v0.19.0beta

v0.19.1beta

v0.19.2beta

v0.2.0beta

v0.2.1beta

v0.2.2beta

v0.20.0beta

v0.20.1beta

v0.21.0beta

v0.22.0beta

v0.23.0beta

v0.24.0

v0.24.1

v0.25.0

v0.26.0

v0.27.0

v0.27.1

v0.27.2

v0.28.0

v0.29.0

v0.29.1

v0.3.0beta

v0.30.0

v0.31.0

v0.32.0

v0.32.1

v0.32.2

v0.32.3

v0.33.0

v0.33.1

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.37.1

v0.38.0

v0.39.0

v0.39.1

v0.4.0beta

v0.5.0beta

v0.6.0beta

v0.6.1beta

v0.6.2beta

v0.6.3beta

v0.7.0beta

v0.7.1beta

v0.8.0beta

v0.8.1beta

v0.9.0beta

v0.9.1beta