RUSTSEC-2020-0004

Source
https://rustsec.org/advisories/RUSTSEC-2020-0004
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0004.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0004
Aliases
Published
2020-01-24T12:00:00Z
Modified
2023-11-08T04:03:35.973145Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
sigstack allocation bug can cause memory corruption or leak
Details

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to leak to guest programs or cause corruption of guest program memory.

This flaw was resolved by correcting the sigstack allocation logic.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / lucet-runtime-internals

Package

Name
lucet-runtime-internals
View open source insights on deps.dev
Purl
pkg:cargo/lucet-runtime-internals

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.4.3
Introduced
0.5.0
Fixed
0.5.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption",
        "memory-exposure"
    ]
}