OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6035ece49941f02cef1d201893ba2ab2f4170cb8
advisory-db/crates/iana-time-zone/RUSTSEC-2022-0049.md
René Kijewski b75822a011 RUSTSEC-2022-0049: recategorize as memory-exposure (#1368) 
Because of the bug random data was read, but still written into a sane
buffer.
2022-08-17 03:08:30 +10:00

809 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0049"
package = "iana-time-zone"
date = "2022-08-15"
url = "https://github.com/strawlab/iana-time-zone/pull/54"
references = ["https://github.com/strawlab/iana-time-zone/pull/50#discussion_r945353515"]
categories = ["memory-exposure"]
informational = "unsound"

[affected]
os = ["ios", "macos"]
functions = { "iana_time_zone::get_timezone" = ["> 0.1.42, < 0.1.45"] }

[versions]
patched = [">= 0.1.45"]
unaffected = ["< 0.1.43"]

Use after free in MacOS / iOS implementation

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied. If the system time zone was changed between the call of CFRelease and str::to_owned(), random memory would be copied.