Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-33388
CVE-2021-33388:
NixOS vulnerability analysis and mitigation
Overview
dpic 2021.04.10 contains a heap buffer overflow vulnerability in the themakevar() function in dpic.y. The vulnerability was discovered and disclosed in May 2021 and assigned identifier CVE-2021-33388. The issue affects the dpic software version 2021.04.10 (GitLab Issue, NVD).
Technical details
The vulnerability stems from improper bounds checking in the makevar() function's for loop implementation. The chbuf buffer is allocated with size CHBUFSIZ+1 (4096 bytes), but when chbufi is 4089 and the input length (ln) is greater than 6, it causes an out-of-bounds write. For example, when ln is 8, it results in writing to chbuf[4096], which is beyond the allocated buffer size. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).
Impact
This heap buffer overflow vulnerability could allow attackers to cause memory corruption, potentially leading to arbitrary code execution or program crashes. The high CVSS score indicates critical severity with potential for complete system compromise (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management