CVE-2023-28448
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-28448
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28448.json
- Aliases
- Published
- 2023-03-24T20:15:15Z
- Modified
- 2023-11-29T10:03:19.467193Z
- Details
-
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmmsysutils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.
- References