NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Vulnerability roundup 110: glibc-2.33-62: 1 advisory [7.5] #155323

Closed ckauhaus closed 2 years ago

ckauhaus commented 2 years ago

CVE details

CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.


Scanned versions: nixos-21.11: 3ddd960a3b5.

Cc @edolstra Cc @ma27

TredwellGit commented 2 years ago

https://github.com/NixOS/nixpkgs/pull/134765