bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939

2021-06-28 Thread zimoun
Hi,

On Thu, 01 Apr 2021 at 15:47, Léo Le Bouter wrote:
> CVE-2021-29939 07:15
> An issue was discovered in the stackvector crate through 2021-02-19 for
> Rust. There is an out-of-bounds write in StackVec::extend if size_hint
> provides certain anomalous data.
>
> No fix released upstream yet:
> https://github.com/Alexhuszagh/rust-stackvector/issues/2
>
> Out of bounds write sounds like it could have dangerous consequences,
> not sure how likely is "size_hint provides certain anomalous data"
> though.

Thanks for the report.

Commit 015cd2e86e779907085d356c69b6091dc8ac1788 updating to 1.1.1 should
fix the security issue; as upstream said.  So, closing.

All the best,
simon





bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939

2021-04-01 Thread Léo Le Bouter via Bug reports for GNU Guix
CVE-2021-29939 07:15
An issue was discovered in the stackvector crate through 2021-02-19 for
Rust. There is an out-of-bounds write in StackVec::extend if size_hint
provides certain anomalous data.

No fix released upstream yet: 
https://github.com/Alexhuszagh/rust-stackvector/issues/2

Out of bounds write sounds like it could have dangerous consequences,
not sure how likely is "size_hint provides certain anomalous data"
though.


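Added example, not part of the thread and not code from the stackvector crate: `Iterator::size_hint` is written in safe code and the compiler does not verify it, so a fixed-capacity container has to bound every write itself instead of trusting the hint. The `LyingIter` and `FixedBuf` types and the particular mismatch (a hint of 0 while 10 items are yielded) are constructed assumptions; the advisory does not say which anomalous values are involved.

```rust
// Added illustration; not code from the stackvector crate.
// All type and function names here are hypothetical.

/// Iterator whose size_hint claims `claimed` items but which yields `actual`.
struct LyingIter { claimed: usize, actual: usize, last: u8 }

impl Iterator for LyingIter {
    type Item = u8;
    fn next(&mut self) -> Option<u8> {
        if self.actual == 0 { return None; }
        self.actual -= 1;
        self.last = self.last.wrapping_add(1);
        Some(self.last)
    }
    // Safe code may return anything here; nothing checks it against next().
    fn size_hint(&self) -> (usize, Option<usize>) {
        (self.claimed, Some(self.claimed))
    }
}

/// Fixed-capacity buffer, a stand-in for a stack-allocated vector.
struct FixedBuf<const N: usize> {
    data: [u8; N],
    len: usize,
}

impl<const N: usize> FixedBuf<N> {
    fn new() -> Self { FixedBuf { data: [0; N], len: 0 } }

    /// Appends items with a capacity check per element; size_hint is ignored.
    /// Returns Err(items stored) if the iterator yields more than fits.
    fn try_extend<I: Iterator<Item = u8>>(&mut self, iter: I) -> Result<usize, usize> {
        let mut stored = 0;
        for item in iter {
            // The bound comes from the buffer, never from the iterator.
            if self.len == N { return Err(stored); }
            self.data[self.len] = item;
            self.len += 1;
            stored += 1;
        }
        Ok(stored)
    }
}

fn main() {
    let mut buf = FixedBuf::<4>::new();
    let r = buf.try_extend(LyingIter { claimed: 0, actual: 10, last: 0 });
    println!("result={:?} len={} data={:?}", r, buf.len, buf.data);
}
```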