Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Ouch! allows a segmentation fault due to use of uninitialized memory
When decompressing a file with "ouch", execution can reach the function "ouch::archive::zip::convert_zip_date_time". This function calls an unsafe function, "transmute", to convert the type of the "month" object. Once "transmute" is called, the address of the object is changed to an uninitialized memory region. When another function later tries to dereference "month", a segmentation fault occurs.
Permalink: https://github.com/advisories/GHSA-2wq5-g96f-mv3v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 20 days ago
Updated: 20 days ago
Identifiers: GHSA-2wq5-g96f-mv3v
References:
- https://github.com/ouch-org/ouch/issues/707
- https://rustsec.org/advisories/RUSTSEC-2024-0374.html
- https://github.com/advisories/GHSA-2wq5-g96f-mv3v
Blast Radius: 1.0
Affected Packages
cargo:ouch
Dependent packages: 0
Dependent repositories: 0
Downloads: 17,239 total
Affected Version Ranges: < 0.3.1
Fixed in: 0.3.1
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0
All unaffected versions: 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1