mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-13 21:18:11 +01:00
29 lines
1.2 KiB
TOML
29 lines
1.2 KiB
TOML
[advisory]
|
|
id = "RUSTSEC-2018-0008"
|
|
package = "slice-deque"
|
|
date = "2018-12-05"
|
|
url = "https://github.com/gnzlbg/slice_deque/issues/57"
|
|
keywords = ["memory-corruption", "rce"]
|
|
title = "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory"
|
|
description = """
|
|
|
|
Affected versions of this crate did not properly update the
|
|
head and tail of the deque when inserting and removing elements from the front
|
|
if, before insertion or removal, the tail of the deque was in the mirrored
|
|
memory region, and if, after insertion or removal, the head of the deque is
|
|
exactly at the beginning of the mirrored memory region.
|
|
|
|
An attacker that controls both element insertion and removal into the deque
|
|
could put it in a corrupted state. Once the deque enters such an state, its head
|
|
and tail are corrupted, but in bounds of the allocated memory. This can result
|
|
in partial reads and writes, reads of uninitialized memory, reads of memory
|
|
containing previously dropped objects, etc. An attacker could exploit this to
|
|
alter program execution.
|
|
|
|
The flaw was corrected by properly updating the head and tail of the deque in
|
|
this case. """
|
|
aliases = ["CVE-2018-20995"]
|
|
|
|
[versions]
|
|
patched = [">= 0.1.16"]
|