OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 02:25:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for nalgebra VecStorage/MatrixVec (#931)

Browse Source
This commit is contained in:
Austin Hartzheim
2021-06-06 17:42:06 +00:00
committed by GitHub
parent 40afced5fb
commit 46e657b29c
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/nalgebra/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "nalgebra"
date = "2021-06-06"
url = "https://github.com/dimforge/nalgebra/issues/883"
categories = ["memory-corruption", "memory-exposure"]
keywords = ["memory-safety"]
[versions]
patched = [">= 0.27.1"]
unaffected = ["< 0.11.0"]
```
# VecStorage Deserialize Allows Violation of Length Invariant
The `Deserialize` implementation for `VecStorage` did not maintain the invariant that the number of elements must equal `nrows * ncols`. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.
This flaw was introduced in v0.11.0 ([`086e6e`](https://github.com/dimforge/nalgebra/commit/086e6e719f53fecba6dadad2e953a487976387f5)) due to the addition of an automatically derived implementation of `Deserialize` for `MatrixVec`. `MatrixVec` was later renamed to `VecStorage` in v0.16.13 ([`0f66403`](https://github.com/dimforge/nalgebra/commit/0f66403cbbe9eeac15cedd8a906c0d6a3d8841f2)) and continued to use the automatically derived implementation of `Deserialize`.
This flaw was corrected in commit [`5bff536`](https://github.com/dimforge/nalgebra/commit/5bff5368bf38ddfa31416e4ae9897b163031a513) by returning an error during deserialization if the number of elements does not exactly match the expected size.