Add advisory for iced-x86 soundness bug (#914)

* Add advisory for iced-x86 soundness bug * Fix template format
2026-01-05 19:20:34 +01:00 · 2021-05-22 08:20:37 -07:00
parent 256e923a29
commit 23334c682b
1 changed files with 28 additions and 0 deletions
--- a/crates/iced-x86/RUSTSEC-0000-0000.md
+++ b/crates/iced-x86/RUSTSEC-0000-0000.md
@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "iced-x86"
+
+date = "2021-05-19"
+
+url = "https://github.com/icedland/iced/issues/168"
+
+keywords = ["soundness"]
+
+[affected]
+functions = { "iced_86::Decoder::new" = ["<= 1.10.3"] }
+
+[versions]
+patched = ["> 1.10.3"]
+```
+
+# Soundness issue in `iced-x86` versions <= 1.10.3 
+
+Versions of iced-x86 <= 1.10.3 invoke undefined behavior which may cause soundness
+issues in crates using the `iced_x86::Decoder` struct. The `Decoder::new()` function
+made a call to `slice.get_unchecked(slice.length())` to get the end position of 
+the input buffer. The flaw was fixed with safe logic that does not invoke undefined
+behavior.
+
+More details can be found at <https://github.com/icedland/iced/issues/168>.