NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Vulnerability roundup 107: faust-0.9.90: 1 advisory [5.5] #142965

Open ckauhaus opened 3 years ago

ckauhaus commented 3 years ago


CVE details

CVE-2021-32275

An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service.


Scanned versions: nixos-21.05: 3b1789322fc; nixos-unstable: 34ad3ffe08a.

Cc @magnetophon Cc @pmahoney

tomodachi94 commented 6 months ago

CVE-2021-32275 tracked by https://github.com/grame-cncm/faust/issues/482, and still an issue.

magnetophon commented 6 months ago

Should we mark this as broken?

tomodachi94 commented 6 months ago

Probably best to add a meta.knownVulnerabilities entry with the CVE identifier, like this:

https://github.com/NixOS/nixpkgs/blob/402031bfe65dba24a9ea6ebb27a1b0bff94feb10/pkgs/applications/graphics/ImageMagick/6.x.nix#L123-L142
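
An added example, not part of the thread and not code from nixpkgs: a NixOS configuration fragment showing the suggested `meta.knownVulnerabilities` entry applied through an overlay, together with the opt-in a user would then need. The attribute name `faust` is an assumption; the CVE text and the `faust-0.9.90` name are taken from this issue.

```nix
# configuration.nix fragment (constructed for illustration)
{ ... }:
{
  nixpkgs.overlays = [
    (final: prev: {
      # Assumption: the affected package is reachable as `faust`;
      # substitute the attribute that actually builds faust-0.9.90.
      faust = prev.faust.overrideAttrs (old: {
        meta = (old.meta or { }) // {
          # A non-empty list marks the package as insecure. Unlike
          # meta.broken, this records the reason and lets users opt in
          # per package instead of hiding the package entirely.
          knownVulnerabilities = (old.meta.knownVulnerabilities or [ ]) ++ [
            "CVE-2021-32275: NULL pointer dereference in CosPrim::computeSigOutput() (cosprim.hh), denial of service"
          ];
        };
      });
    })
  ];

  # With the entry in place, nixpkgs refuses to evaluate anything that
  # depends on the package until it is explicitly permitted by
  # name-version. Left commented out so the default stays fail-closed.
  # nixpkgs.config.permittedInsecurePackages = [ "faust-0.9.90" ];
}
```

For a one-off build outside NixOS configuration, setting the environment variable `NIXPKGS_ALLOW_INSECURE=1` permits all packages marked this way, so the per-package list above is the narrower choice.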