mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
24 lines
820 B
TOML
24 lines
820 B
TOML
[advisory]
|
|
id = "RUSTSEC-2018-0013"
|
|
package = "safe-transmute"
|
|
date = "2018-11-27"
|
|
title = "Vec-to-vec transmutations could lead to heap overflow/corruption"
|
|
description = """
|
|
Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor,
|
|
which could lead to memory corruption or data leakage.
|
|
|
|
The flaw was corrected by using the constructor correctly.
|
|
"""
|
|
url = "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
|
|
keywords = ["memory-corruption"]
|
|
|
|
# TODO(tarcieri): fix linter to respect crate name
|
|
#[affected.functions]
|
|
#"safe_transmute::guarded_transmute_vec_permissive" = [">= 0.4.0, <= 0.10.0"]
|
|
#"safe_transmute::guarded_transmute_to_bytes_vec" = ["= 0.10.0"]
|
|
aliases = ["CVE-2018-21000"]
|
|
|
|
[versions]
|
|
patched = [">= 0.10.1"]
|
|
unaffected = ["< 0.4.0"]
|