Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jZjRnLWZjZjgtM2NyOc4AAxgf
`pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the set_payload setter of the various mutable "Packet" struct setters. The offending set_payload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro.
Fixed in the packet macro by this PR.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZjRnLWZjZjgtM2NyOc4AAxgf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 6.0
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-cf4g-fcf8-3cr9
References:
- https://github.com/libpnet/libpnet/issues/449
- https://rustsec.org/advisories/RUSTSEC-2020-0167.html
- https://github.com/advisories/GHSA-cf4g-fcf8-3cr9
Blast Radius: 16.4
Affected Packages
cargo:pnet_packet
Dependent packages: 39Dependent repositories: 551
Downloads: 4,330,606 total
Affected Version Ranges: < 0.27.2
Fixed in: 0.27.2
All affected versions: 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.23.1, 0.25.0, 0.26.0, 0.27.1
All unaffected versions: 0.27.2, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.34.0