mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

803 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0007"
package = "av-data"
aliases = ["CVE-2021-25904"]
date = "2021-01-07"
url = "https://github.com/rust-av/rust-av/issues/136"
categories = ["memory-exposure", "privilege-escalation"]

[versions]
patched = [">= 0.3.0"]

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copy_from_raw_parts() is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may also cause the program to segfault.

The flaw was corrected in https://github.com/rust-av/rust-av/pull/137, by removing the API fn Frame::copy_from_raw_parts().

803 B Raw Blame History

Frame::copy_from_raw_parts can lead to segfault without unsafe

803 B

Raw Blame History

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`