OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-05 19:20:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for slice-deque

Browse Source
This commit is contained in:
gnzlbg
2018-12-06 16:01:58 +01:00
parent d8f38b8187
commit 895fe023df
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
crates/slice_deque/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,24 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "slice_deque"
date = "2018-12-05"
patched_versions = [">= 0.1.16"]
url = "https://github.com/gnzlbg/slice_deque/issues/57"
title = "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory"
description = """
Affected versions of this crate did not properly update the
head and tail of the deque when inserting and removing elements from the front
if, before insertion or removal, the tail of the deque was in the mirrored
memory region, and if, after insertion or removal, the head of the deque is
exactly at the beginning of the mirrored memory region.
An attacker that controls both element insertion and removal into the deque
could put it in a corrupted state. Once the deque enters such an state, its head
and tail are corrupted, but in bounds of the allocated memory. This can result
in partial reads and writes, reads of uninitialized memory, reads of memory
containing previously dropped objects, etc. An attacker could exploit this to
alter program execution.
The flaw was corrected by properly updating the head and tail of the deque in
this case. """