advisory-db/crates/stackvector/RUSTSEC-2021-0048.md
2021-07-02 01:39:03 +02:00

```toml
[advisory]
id = "RUSTSEC-2021-0048"
package = "stackvector"
aliases = ["CVE-2021-29939"]
date = "2021-02-19"
url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2"
categories = ["memory-corruption"]
[versions]
patched = [">= 1.0.9"]
```

# StackVec::extend can write out of bounds when size_hint is incorrect

`StackVec::extend` used the lower and upper bounds from an Iterator's
`size_hint` to determine how many items to push into the stack-based vector.
If the `size_hint` implementation returned a lower bound that was larger than
the upper bound, `StackVec` would write out of bounds and overwrite memory
on the stack. As mentioned by the [size_hint](https://doc.rust-lang.org/std/iter/trait.Iterator.html#provided-methods)
documentation, `size_hint` is mainly for optimization and incorrect
implementations should not lead to memory safety issues.
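
The following added example (not code from `stackvector` or from the advisory) shows an iterator whose `size_hint` reports a lower bound above its upper bound, and a fixed-capacity container whose extend treats the hint as advisory and bounds-checks every write. `LyingIter`, `FixedVec`, `try_push`, `extend_checked` and `CAP` are hypothetical names chosen for illustration.

```rust
// Added example; LyingIter and FixedVec are hypothetical, not stackvector's code.
const CAP: usize = 4;

/// Yields `remaining` items but reports a lower bound above its upper bound.
struct LyingIter { remaining: usize }

impl Iterator for LyingIter {
    type Item = u8;
    fn next(&mut self) -> Option<u8> {
        if self.remaining == 0 { return None; }
        self.remaining -= 1;
        Some(0xAA)
    }
    // Contract violation: lower bound (usize::MAX) exceeds upper bound (0).
    fn size_hint(&self) -> (usize, Option<usize>) { (usize::MAX, Some(0)) }
}

struct FixedVec { buf: [u8; CAP], len: usize }

impl FixedVec {
    fn new() -> Self { FixedVec { buf: [0; CAP], len: 0 } }

    /// Bounds-checked push: a full buffer hands the item back instead of writing.
    fn try_push(&mut self, v: u8) -> Result<(), u8> {
        match self.buf.get_mut(self.len) {
            Some(slot) => { *slot = v; self.len += 1; Ok(()) }
            None => Err(v),
        }
    }

    /// Returns (hint was self-consistent, items rejected because the buffer was full).
    fn extend_checked<I: Iterator<Item = u8>>(&mut self, iter: I) -> (bool, usize) {
        let (lower, upper) = iter.size_hint();
        // The hint is inspected for diagnostics only; it never sizes a write.
        let consistent = upper.map_or(true, |u| lower <= u);
        let mut rejected = 0;
        for v in iter {
            if self.try_push(v).is_err() { rejected += 1; }
        }
        (consistent, rejected)
    }
}

fn main() {
    let mut v = FixedVec::new();
    let (consistent, rejected) = v.extend_checked(LyingIter { remaining: 10 });
    println!("consistent={} rejected={} len={}", consistent, rejected, v.len);
}
```

Because every write goes through the checked `get_mut`, an inconsistent hint can at worst cause items to be rejected; it cannot move a write past the end of the buffer.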