OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 15:28:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #231 from RustSec/RUSTSEC-2020-0004

Browse Source 
Assign RUSTSEC-2020-0004 to lucet-runtime-internals
This commit is contained in:
Tony Arcieri
2020-01-27 07:30:39 -08:00
committed by GitHub
parent 723abd4d2b d8e872fd93
commit a6d99fb52e
1 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml → crates/lucet-runtime-internals/RUSTSEC-2020-0004.toml
View File

@@ -1,12 +1,8 @@
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2020-0004"
package = "lucet-runtime-internals"
date = "2020-01-24"
title = "sigstack allocation bug can cause memory corruption or leak"
description = """
An embedding using affected versions of lucet-runtime configured to use
non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode
@@ -16,9 +12,6 @@ guest programs or cause corruption of guest program memory.
This flaw was resolved by correcting the sigstack allocation logic.
"""
patched_versions = ["< 0.5.0, >= 0.4.3", ">= 0.5.1"]
url = "https://github.com/bytecodealliance/lucet/pull/401"
categories = ["memory-corruption", "memory-exposure"]