OSV-2022-168

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fmt/OSV-2022-168.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-168

Published

2022-02-19T00:01:40.526021Z

Modified

2022-04-13T03:04:33.952012Z

Summary

Heap-buffer-overflow in fmt::v8::detail::big_decimal_fp fmt::v8::detail::write_padded<

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44791

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
fmt::v8::detail::big_decimal_fp fmt::v8::detail::write_padded<
std::__1::back_insert_iterator&lt;fmt::v8::basic_memory_buffer&lt;char, 500ul, std::__
std::__1::back_insert_iterator&lt;fmt::v8::basic_memory_buffer&lt;char, 500ul, std::__

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44791

Affected packages

OSS-Fuzz / fmt

Package

Name: fmt
Purl: pkg:generic/fmt

Affected ranges

Type: GIT
Repo: https://github.com/fmtlib/fmt.git
Events: Introduced

161059dd981b18a3f6b9babc922539adc52dab70

Fixed

86477f7ecc1606e15abae1ff784e6b0c55d99619

Ecosystem specific

{
    "severity": "HIGH"
}