GHSA-9frf-r7c7-j2vg

Source
https://github.com/advisories/GHSA-9frf-r7c7-j2vg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-9frf-r7c7-j2vg/GHSA-9frf-r7c7-j2vg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9frf-r7c7-j2vg
Aliases
Published
2021-08-25T20:54:14Z
Modified
2023-11-08T04:05:44.063920Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Out of bounds write in stackvector
Details

`StackVec::extend` used the lower and upper bounds from an `Iterator`'s `size_hint` to determine how many items to push into the stack-based vector. If the `size_hint` implementation returned a lower bound that was larger than the upper bound, `StackVec` would write out of bounds and overwrite memory on the stack. As stated in the `size_hint` documentation, `size_hint` is mainly for optimization, and incorrect implementations should not lead to memory safety issues.
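The Details above describe the bug class. The following Rust example is added here and is not code from the stackvector crate or from this advisory. It models a fixed-capacity, stack-backed vector (hypothetical `StackVec`, with a demo capacity `CAP`) whose `extend_checked` bounds every write by the real capacity and treats `size_hint` as advisory only. Beside it, `hint_driven_write_count` is an arithmetic-only model of the flawed reasoning (an assumption about the pattern, not the crate's logic, and it writes no buffer), and `LyingHint` is a constructed iterator whose `size_hint` returns a lower bound larger than its upper bound, the condition the advisory names.

```rust
// Added example; not the stackvector crate's code. Models the bug class only.

/// Assumed small capacity for the demo.
const CAP: usize = 4;

/// Simplified fixed-capacity vector stored entirely on the stack (hypothetical).
pub struct StackVec {
    buf: [u32; CAP],
    len: usize,
}

/// Returned when an iterator yields more items than the remaining capacity.
#[derive(Debug, PartialEq, Eq)]
pub struct CapacityExceeded {
    /// Number of items that were not stored.
    pub dropped: usize,
}

impl StackVec {
    pub fn new() -> Self {
        StackVec { buf: [0; CAP], len: 0 }
    }

    pub fn as_slice(&self) -> &[u32] {
        &self.buf[..self.len]
    }

    /// Every write is checked against the real capacity, never against a hint.
    pub fn push(&mut self, v: u32) -> Result<(), u32> {
        if self.len == CAP {
            return Err(v);
        }
        self.buf[self.len] = v;
        self.len += 1;
        Ok(())
    }

    /// Hardened extend: items are pulled one at a time and each goes through
    /// `push`, so a lying `size_hint` cannot influence how many slots are written.
    pub fn extend_checked<I: Iterator<Item = u32>>(&mut self, mut iter: I) -> Result<(), CapacityExceeded> {
        for item in iter.by_ref() {
            if self.push(item).is_err() {
                // Out of room: drain and count the remainder without touching the buffer.
                return Err(CapacityExceeded { dropped: 1 + iter.count() });
            }
        }
        Ok(())
    }
}

/// Model of the hint-trusting reasoning (assumption, not the crate's code):
/// take the lower bound as the write count and compare only the upper bound
/// against the free space. Returns the planned write count; nothing is written.
pub fn hint_driven_write_count(hint: (usize, Option<usize>), free: usize) -> usize {
    let (lower, upper) = hint;
    let assumed_max = upper.unwrap_or(lower);
    if assumed_max <= free { lower } else { free }
}

/// True when the hint violates the documented contract (lower > upper).
pub fn hint_is_inconsistent(hint: (usize, Option<usize>)) -> bool {
    matches!(hint, (lower, Some(upper)) if lower > upper)
}

/// Constructed adversarial iterator: yields exactly 3 items (2, 1, 0)
/// but reports a lower bound far above its upper bound.
pub struct LyingHint {
    remaining: u32,
}

impl LyingHint {
    pub fn new() -> Self {
        LyingHint { remaining: 3 }
    }
}

impl Iterator for LyingHint {
    type Item = u32;

    fn next(&mut self) -> Option<u32> {
        if self.remaining == 0 {
            None
        } else {
            self.remaining -= 1;
            Some(self.remaining)
        }
    }

    fn size_hint(&self) -> (usize, Option<usize>) {
        (1_000, Some(0)) // inconsistent on purpose
    }
}

fn main() {
    let hint = LyingHint::new().size_hint();
    println!("hint inconsistent: {}", hint_is_inconsistent(hint));
    println!("hint-driven plan: {} writes into {} free slots", hint_driven_write_count(hint, CAP), CAP);
    let mut v = StackVec::new();
    match v.extend_checked(LyingHint::new()) {
        Ok(()) => println!("stored {:?}", v.as_slice()),
        Err(e) => println!("stored {:?}, dropped {}", v.as_slice(), e.dropped),
    }
}
```

The point of the contrast: `hint_driven_write_count` plans 1000 writes into 4 free slots because the inconsistent upper bound passes the capacity check, while `extend_checked` stores the three real items and, when the buffer is full, reports the overflow as an error instead of writing past `CAP`.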

Database specific
{
    "nvd_published_at": "2021-04-01T05:15:00Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:15:11Z"
}
References

Affected packages

Package: crates.io / stackvector

Affected ranges
Type: SEMVER
Events
Introduced: 0 (unknown introduced version; all previous versions are affected)
Fixed: 1.0.9