advisory-db/crates/iced-x86/RUSTSEC-2021-0068.md
Alexander Kjäll f4a8973706 add cve info to advisories (#1099)
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00


[advisory]
id = "RUSTSEC-2021-0068"
package = "iced-x86"
date = "2021-05-19"
url = "https://github.com/icedland/iced/issues/168"
keywords = ["soundness"]
aliases = ["CVE-2021-38188"]

[affected]
functions = { "iced_x86::Decoder::new" = ["<= 1.10.3"] }

[versions]
patched = ["> 1.10.3"]

Soundness issue in iced-x86 versions <= 1.10.3

Versions of iced-x86 <= 1.10.3 invoke undefined behavior which may cause soundness issues in crates using the `iced_x86::Decoder` struct. The `Decoder::new()` function made a call to `slice.get_unchecked(slice.length())` to get the end position of the input buffer. The flaw was fixed with safe logic that does not invoke undefined behavior.

More details can be found at https://github.com/icedland/iced/issues/168.
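
The pattern described above next to a sound way to obtain the end position, as an added example that is not code from iced-x86 or from this advisory. The names `end_ptr_unsound`, `end_ptr_sound` and `ByteReader` are hypothetical, and `as_ptr_range()` is one safe option, assumed here rather than taken from the actual fix.

```rust
/// The pattern the advisory describes, written with Rust's `len()`.
/// An index equal to the length is out of bounds for `get_unchecked`, which is
/// undefined behavior even if the returned reference is never read. Wrapping it
/// in a safe function is what makes this a soundness issue. Never called here.
#[allow(dead_code)]
fn end_ptr_unsound(data: &[u8]) -> *const u8 {
    unsafe { data.get_unchecked(data.len()) }
}

/// Sound equivalent: computing a one-past-the-end pointer is allowed, and
/// `as_ptr_range` does it without creating an out-of-bounds reference.
fn end_ptr_sound(data: &[u8]) -> *const u8 {
    data.as_ptr_range().end
}

/// Minimal reader that tracks a position against an end bound, the way a
/// decoder walks its input buffer (hypothetical type, not iced's Decoder).
struct ByteReader<'a> {
    data: &'a [u8],
    pos: usize,
}

impl<'a> ByteReader<'a> {
    fn new(data: &'a [u8]) -> Self {
        ByteReader { data, pos: 0 }
    }

    /// Bytes left, derived from the sound end pointer.
    fn remaining(&self) -> usize {
        let cur = self.data[self.pos..].as_ptr() as usize;
        end_ptr_sound(self.data) as usize - cur
    }

    /// Bounds-checked read; returns None at the end of the buffer.
    fn read_u8(&mut self) -> Option<u8> {
        let b = *self.data.get(self.pos)?;
        self.pos += 1;
        Some(b)
    }
}

fn main() {
    let code = [0x90u8, 0xC3]; // constructed sample input
    let mut r = ByteReader::new(&code);
    while let Some(b) = r.read_u8() {
        println!("byte {:#04x}, {} remaining", b, r.remaining());
    }
}
```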