An issue was discovered in the Versionize::deserialize
implementation provided by the versionize
crate for vmm_sys_util::fam::FamStructWrapper
, which can lead to out of bounds memory accesses.
The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.
-
{ "nvd_published_at": "2023-03-24T20:15:00Z", "github_reviewed_at": "2023-03-24T22:00:05Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-125" ] }