RUSTSEC-2023-0056

Source
https://rustsec.org/advisories/RUSTSEC-2023-0056
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0056.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0056
Aliases
Published
2023-09-01T12:00:00Z
Modified
2023-11-08T04:13:24.188980Z
Severity
  • 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Details

An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref} trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice function returns a VolatileSlice whose length is less than the function’s count argument. No implementations of get_slice provided in vm_memory are affected. Users of custom VolatileMemory implementations may be impacted if the custom implementation does not adhere to get_slice's documentation.

The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice returned by get_slice is of the correct length.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / vm-memory

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.12.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "vm_memory::volatile_memory::VolatileMemory::aligned_as_mut",
            "vm_memory::volatile_memory::VolatileMemory::aligned_as_ref",
            "vm_memory::volatile_memory::VolatileMemory::get_array_ref",
            "vm_memory::volatile_memory::VolatileMemory::get_atomic_ref",
            "vm_memory::volatile_memory::VolatileMemory::get_ref"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "informational": "unsound",
    "categories": [
        "memory-exposure"
    ]
}