GHSA-fq33-vmhv-48xh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fq33-vmhv-48xh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-fq33-vmhv-48xh/GHSA-fq33-vmhv-48xh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fq33-vmhv-48xh
- Aliases
- Published
- 2023-04-07T19:23:49Z
- Modified
- 2023-11-08T04:19:06.327800Z
- Summary
- ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
- Details
-
The following usage causes undefined behavior.
let kp: ntru::types::KeyPair = …; kp.get_public().export(Default::default())When compiled with debug assertions, the code above will trigger a
attempt to subtract with overflowpanic before UB occurs. Other mistakes (e.g. usingEncParamsfrom a different key) may always trigger UB.Likely, older versions of this crate are also affected, but have not been tested.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-04-07T19:23:49Z" }- References
Affected packages
crates.io / ntru
Package
- Name
- ntru
- View open source insights on deps.dev
- Purl
- pkg:cargo/ntru