RUSTSEC-2024-0408

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2024-0408

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0408.json

JSON Data

https://api.test.osv.dev/v1/vulns/RUSTSEC-2024-0408

Published

2024-12-04T12:00:00Z

Modified

2024-12-05T04:00:56Z

Summary

Unsound usages of `std::slice::from_raw_parts`

Details

The library breaks the safety assumptions when using unsafe API std::slice::from_raw_parts. First, when using the API in iterator implementation (TempFdArrayIterator.next), generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the address, the code passed the type c_void, which could also be any type, leading to potential uninitialized memory exposure.

Two unsound usages here highlight the necessity for developers to perform type checks before doing type conversion with unsafe API.

The panic caused by the misalignment causes several downstream applications (e.g., greptimedb) to crash when using pprof::report::ReportBuilder::build.

This was patched in 0.14.0.

The developer also suggested moving to pprof2.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / pprof

Package

Name: pprof; View open source insights on deps.dev
Purl: pkg:cargo/pprof

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.14.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "pprof::report::ReportBuilder::build",
            "pprof::validate"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}