mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
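# RustSec advisory record in the V2 layout: advisory metadata lives in
# [advisory], version information in the separate [versions] section.
[advisory]
id = "RUSTSEC-2020-0004"
# The advisory is keyed on this crate name. The description below speaks of
# lucet-runtime embeddings, so presumably those pull this crate in as a
# dependency (confirm against the lucet workspace).
package = "lucet-runtime-internals"
date = "2020-01-24"
title = "sigstack allocation bug can cause memory corruption or leak"
# Upstream pull request cited as the reference for this issue.
url = "https://github.com/bytecodealliance/lucet/pull/401"
categories = ["memory-corruption", "memory-exposure"]
# Exposure is conditional per the text below (Wasm globals larger than 4KiB,
# or an unoptimized debug build). The record itself carries only version
# ranges, so a version-based match cannot tell whether a given embedding is
# configured that way; that triage is left to whoever reads the finding.
description = """
An embedding using affected versions of lucet-runtime configured to use
non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode
without optimizations, could leak data from the signal handler stack to guest
programs. This can potentially cause data from the embedding host to leak to
guest programs or cause corruption of guest program memory.

This flaw was resolved by correcting the sigstack allocation logic.
"""

[versions]
# Each entry is a semver requirement, and a release matching any one entry is
# treated as fixed: the 0.4 line from 0.4.3 onward, and 0.5.1 or later.
# 0.5.0 and everything before 0.4.3 fall outside both ranges. No `unaffected`
# key is present, so those releases are presumably all reported as
# vulnerable; confirm against the rustsec crate's matching rules.
patched = ["< 0.5.0, >= 0.4.3", ">= 0.5.1"]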