OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-19 18:05:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #122 from Shnatsel/libflate-advisory

Browse Source 
Add advisory for libflate
This commit is contained in:
Tony Arcieri
2019-07-07 10:49:08 -07:00
committed by GitHub
parent 7c5fccf193 ab8ae78368
commit 27358aef48
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
crates/libflate/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,17 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "libflate"
date = "2019-07-04"
title = "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code"
description = """
Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.
This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within `MultiDecoder::read()`. The issue was discovered and fixed by Shnatsel.
"""
patched_versions = [">= 0.1.25"]
unaffected_versions = ["< 0.1.14"]
url = "https://github.com/sile/libflate/issues/35"
keywords = ["drop", "use-after-free"]
affected_functions = ["libflate::gzip::MultiDecoder::read"]