GHSA-g23h-7vf9-xc25
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g23h-7vf9-xc25
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-g23h-7vf9-xc25/GHSA-g23h-7vf9-xc25.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g23h-7vf9-xc25
- Published
- 2024-11-12T21:21:36Z
- Modified
- 2024-11-12T21:21:36Z
- Severity
-
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Mimalloc Can Allocate Memory with Bad Alignment
- Details
-
This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator's logic changed, making it break this promise. This caused this crate to return memory with an incorrect alignment for some allocations, particularly those with large alignments. The flaw was fixed by always using the aligned allocation functions.
- References
Affected packages
crates.io / mimalloc
Package
- Name
- mimalloc
- View open source insights on deps.dev
- Purl
- pkg:cargo/mimalloc