Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un

Ouch! allows a segmentation fault due to use of uninitialized memory

When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convert_zip_date_time". This function calls an unsafe function, "transmute". Once "transmute" is called to convert the type of the "month" object, the address of the object is changed to an uninitialized memory region. After that, when another function tries to dereference "month", a segmentation fault occurs.

Permalink: https://github.com/advisories/GHSA-2wq5-g96f-mv3v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 24 days ago
Updated: 24 days ago


Identifiers: GHSA-2wq5-g96f-mv3v
References: Repository: https://github.com/ouch-org/ouch
Blast Radius: 1.0

Affected Packages

cargo:ouch
Dependent packages: 0
Dependent repositories: 0
Downloads: 18,219 total
Affected Version Ranges: < 0.3.1
Fixed in: 0.3.1
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0
All unaffected versions: 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1