Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00djUyLTdxMngtdjR4as4AA6qK
eyre: Parts of Report are dropped as the wrong type during downcast
In affected versions, after a Report is constructed using wrap_err or wrap_err_with to attach a message of type D onto an error of type E, then using downcast to recover ownership of either the value of type D or the value of type E, one of two things can go wrong:
-
If downcasting to
E, there remains a value of typeDto be dropped. It is incorrectly "dropped" by runningE's drop behavior, rather thanD's. For example ifDis&strandEisstd::io::Error, there would be a call ofstd::io::Error::dropin which the reference received by theDropimpl does not refer to a valid value of typestd::io::Error, but instead to&str. -
If downcasting to
D, there remains a value of typeEto be dropped. WhenDandEdo not happen to be the same size,E's drop behavior is incorrectly executed in the wrong location. The reference received by theDropimpl may point left or right of the realEvalue that is meant to be getting dropped.
In both cases, when the Report contains an error E that has nontrivial drop behavior, the most likely outcome is memory corruption.
When the Report contains an error E that has trivial drop behavior (for example a Utf8Error) but where D has nontrivial drop behavior (such as String), the most likely outcome is that downcasting to E would leak D.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00djUyLTdxMngtdjR4as4AA6qK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 28 days ago
Updated: 28 days ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-4v52-7q2x-v4xj
References:
- https://github.com/eyre-rs/eyre/issues/141
- https://github.com/eyre-rs/eyre/commit/770ac3fa1435eae3b166a4b072053360e38a0575
- https://rustsec.org/advisories/RUSTSEC-2024-0021.html
- https://github.com/advisories/GHSA-4v52-7q2x-v4xj
Blast Radius: 25.9
Affected Packages
cargo:eyre
Dependent packages: 604Dependent repositories: 2,872
Downloads: 20,374,533 total
Affected Version Ranges: >= 0.6.9, < 0.6.12
Fixed in: 0.6.12
All affected versions: 0.6.9, 0.6.10, 0.6.11
All unaffected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.12