CVE-2024-33904

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-33904

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33904.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33904

Published

2024-04-29T06:15:17.320Z

Modified

2026-03-03T01:22:16.962089Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file.

References

Affected packages

Git / github.com/hyprwm/hyprland

Affected ranges

Type: GIT
Repo: https://github.com/hyprwm/hyprland
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fe7b748eb668136dd0558b7c8279bfcd7ab4d759

Affected versions

0.*

0.1.0-beta

v0.*

v0.1.0beta

v0.1.1beta

v0.1.2beta

v0.1.3abeta

v0.1.3beta

v0.1.4beta

v0.10.0beta

v0.10.1beta

v0.10.2beta

v0.10.3beta

v0.11.0beta

v0.11.1beta

v0.12.0beta

v0.12.1beta

v0.13.0beta

v0.13.1beta

v0.14.0beta

v0.15.0beta

v0.15.1beta

v0.15.2beta

v0.15.3beta

v0.16.0beta

v0.17.0beta

v0.18.0beta

v0.19.0beta

v0.19.1beta

v0.19.2beta

v0.2.0beta

v0.2.1beta

v0.2.2beta

v0.20.0beta

v0.20.1beta

v0.21.0beta

v0.22.0beta

v0.23.0beta

v0.24.0

v0.24.1

v0.25.0

v0.26.0

v0.27.0

v0.27.1

v0.27.2

v0.28.0

v0.29.0

v0.29.1

v0.3.0beta

v0.30.0

v0.31.0

v0.32.0

v0.32.1

v0.32.2

v0.32.3

v0.33.0

v0.33.1

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.37.1

v0.38.0

v0.39.0

v0.39.1

v0.4.0beta

v0.5.0beta

v0.6.0beta

v0.6.1beta

v0.6.2beta

v0.6.3beta

v0.7.0beta

v0.7.1beta

v0.8.0beta

v0.8.1beta

v0.9.0beta

v0.9.1beta

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33904.json"