RUSTSEC-2024-0374

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2024-0374

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0374.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2024-0374

Published

2024-09-22T12:00:00Z

Modified

2024-09-22T10:28:31Z

Summary

Segmentation fault due to use of uninitialized memory

Details

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convertzipdate_time". In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object, the address of the object is changed to the uninitialized memory region. After that, when other function tries to dereference "month", segmentation fault occurs.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / ouch

Package

Name: ouch; View open source insights on deps.dev
Purl: pkg:cargo/ouch

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.3.2-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "ouch::archive::zip::convert_zip_date_time"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}