GHSA-8vxc-r5wp-vgvc

Suggest an improvement
Source
https://github.com/advisories/GHSA-8vxc-r5wp-vgvc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-8vxc-r5wp-vgvc/GHSA-8vxc-r5wp-vgvc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8vxc-r5wp-vgvc
Aliases
Published
2023-03-24T22:00:05Z
Modified
2023-11-08T04:12:11.444949Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVSS Calculator
Summary
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Details

Impact

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmm_sys_util::fam::FamStructWrapper, which can lead to out of bounds memory accesses.

Patches

The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.

Workarounds

-

References

  • https://github.com/firecracker-microvm/versionize/pull/53
Database specific
{
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "github_reviewed_at": "2023-03-24T22:00:05Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

crates.io / versionize

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.1.1
Fixed
0.1.10