mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

github-actions[bot] 6078097fb6 Assigned RUSTSEC-2023-0032 to ntru (#1674 )

Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>

2023-04-06 20:57:33 +10:00

883 B

Raw Blame History

[advisory]
id = "RUSTSEC-2023-0032"
package = "ntru"
date = "2023-03-22"
url = "https://github.com/FrinkGlobal/ntru-rs/issues/8"
categories = ["memory-corruption"]
keywords = ["ffi", "buffer overflow"]
informational = "unsound"

[versions]
patched = []

[affected.functions]
"ntru::types::PrivateKey::export" = [">= 0.4.3"]
"ntru::types::PublicKey::export" = [">= 0.4.3"]

Unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior.

let kp: ntru::types::KeyPair = …;
kp.get_public().export(Default::default())

When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes (e.g. using EncParams from a different key) may always trigger UB.

Likely, older versions of this crate are also affected, but have not been tested.

883 B Raw Blame History

Unsound FFI: Wrong API usage causes write past allocated area

883 B

Raw Blame History