Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-5377
CVE-2023-5377:
NixOS vulnerability analysis and mitigation
Overview
An out-of-bounds read vulnerability was discovered in the GPAC repository prior to version v2.2.2-DEV. The vulnerability is tracked as CVE-2023-5377 and has been assigned a CVSS v3.1 base score of 7.1 (HIGH) (NVD).
Technical details
The vulnerability is classified as CWE-125 (Out-of-bounds Read). According to the CVSS v3.1 vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H), the vulnerability requires local access and user interaction, but no privileges, and can lead to high impacts on confidentiality and availability (NVD).
Impact
The vulnerability can result in high impacts on both confidentiality and availability of the affected system, while integrity remains unaffected according to the CVSS scoring (NVD).
Mitigation and workarounds
A patch has been released to address this vulnerability. Users should upgrade to GPAC version v2.2.2-DEV or later. The fix is documented in the GitHub repository commit (GitHub Patch).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management