GHSA-49hh-fprx-m68g

Suggest an improvement
Source
https://github.com/advisories/GHSA-49hh-fprx-m68g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-49hh-fprx-m68g/GHSA-49hh-fprx-m68g.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-49hh-fprx-m68g
Aliases
Published
2023-09-04T16:35:37Z
Modified
2023-11-01T05:02:52.106515Z
Severity
  • 2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Details

Impact

An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref} trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice function returns a VolatileSlice whose length is less than the function’s count argument. No implementations of get_slice provided in vm_memory are affected. Users of custom VolatileMemory implementations may be impacted if the custom implementation does not adhere to get_slice's documentation.

Patches

The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice returned by get_slice is of the correct length.

Workarounds

Not Required

References

https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8 https://crates.io/crates/vm-memory/0.12.2

Database specific
{
    "nvd_published_at": "2023-09-01T19:15:42Z",
    "cwe_ids": [
        "CWE-125"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-04T16:35:37Z"
}
References

Affected packages

crates.io / vm-memory

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.12.2