OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

mail-internals memory corruption (#1741)

Browse Source
This commit is contained in:
наб
2023-08-24 12:20:06 +02:00
committed by GitHub
parent 5bde16559d
commit 3f70263445
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/mail-internals/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "mail-internals"
date = "2023-08-07"
url = "https://git.sr.ht/~nabijaczleweli/mail-internals.crate/commit/05443c864b204e7f1512caf2d53e8cce4dd340fc"
categories = ["memory-corruption"]
keywords = ["mail", "mail-api"]
[affected]
functions = { "mail_internals::utils::vec_insert_bytes" = [">= 0.2.0"] }
[versions]
patched = []
```
# Use-after-free in `vec_insert_bytes`
Incorrect reallocation logic in the function [`vec_insert_bytes`](https://docs.rs/mail-internals/0.2.3/mail_internals/utils/fn.vec_insert_bytes.html) causes a use-after-free.
This function does not have to be called directly to trigger the vulnerability because many methods on [`EncodingWriter`](https://docs.rs/mail-internals/0.2.3/mail_internals/encoder/struct.EncodingWriter.html) call this function internally.
The mail-\* suite is unmaintained and the upstream sources have been actively vandalised.
A fixed `mail-internals-ng` (and `mail-headers-ng` and `mail-core-ng`) crate has been published which fixes this, and a dependency on another unsound crate.