Merge pull request #116 from Licenser/simd-json-pr-27

Add advisory for segfault bug in simd-json.rs
2026-01-01 17:20:33 +01:00 · 2019-06-24 13:11:21 -07:00
parent fd759b72f2 8134840ade
commit 003d42c27e
1 changed files with 38 additions and 0 deletions
--- a/crates/simd-json/RUSTSEC-0000-0000.toml
+++ b/crates/simd-json/RUSTSEC-0000-0000.toml
@@ -0,0 +1,38 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "simd-json"
+
+date = "2019-06-24"
+
+title = "Flaw in string parsing can lead to crashes due to invalid memory access."
+
+description = """
+The affected version of this crate did not guard against accessing memory
+beyond the range of its input data. A pointer cast to read the data into
+a 256-bit register could lead to a segmentation fault when the end plus
+the 32 bytes (256 bit) read would overlap into the next page during string
+parsing.
+
+```
+page   |  ...  page 1  ...  | ... page 2  ... |
+data   | x[n * 32 byte]xx__ |                 |
+access | ..][ 32 byte ]     |                 |
+segflt |               [ 32 | byte ]          |
+```
+
+This allows an attacker to eventually crash a service.
+ 
+The flaw was corrected by using a padding buffer for the last read from the
+input. So that we are we never read over the boundary of the input data.
+"""
+
+patched_versions = [">= 0.1.15"]
+
+unaffected_versions = ["<= 0.1.13"]
+
+url = "https://github.com/Licenser/simdjson-rs/pull/273"
+
+keywords = ["simd"]
+
+affected_arch = ["x86", "x86_64"]