Merge pull request #89 from nabijaczleweli/master

safe-transmute's vec-to-vec transmutations could lead to heap overflow/corruption
Tony Arcieri
2019-03-03 07:14:53 -08:00
committed by GitHub


@@ -0,0 +1,23 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "safe-transmute"
date = "2019-03-02"
title = "Vec-to-vec transmutations could lead to heap overflow/corruption"
description = """
Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor,
which could lead to memory corruption or data leakage.
The flaw was corrected by using the constructor correctly.
"""
patched_versions = [">= 0.10.1"]
unaffected_versions = ["< 0.4.0"]
url = "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
keywords = ["memory-corruption"]
[affected_paths]
">= 0.4.0, <= 0.10.0" = ["safe_transmute::guarded_transmute_vec_permissive"]
"= 0.10.0" = ["safe_transmute::guarded_transmute_to_bytes_vec"]
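Review bot: `date = "2019-03-02"` is one day before this merge, so it looks like the day the advisory was filed, whereas the advisory `date` field is meant to record when the flaw was disclosed. The `url` points at the upstream fix (pull request 36 in safe-transmute-rs), whose date is not visible here; if that fix was published earlier, the field should carry that earlier date. This matters because consumers build exposure timelines from it, and the real identifier that replaces the `RUSTSEC-0000-0000` placeholder is normally issued under the year of this field. Please confirm the disclosure date against the linked pull request before the ID is assigned.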