Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tcnJ3LWdyaHEtODZnZs4AAx3Z

Ascii (crate) allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From<&mut AsciiStr> for &mut [u8] and &mut str. This can result in out-of-bounds array indexing in safe code.

The flaw was corrected in commit 8a6c779 by removing those impls.

Permalink: https://github.com/advisories/GHSA-mrrw-grhq-86gf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcnJ3LWdyaHEtODZnZs4AAx3Z
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago

Identifiers: GHSA-mrrw-grhq-86gf
References:

https://github.com/tomprogrammer/rust-ascii/issues/64
https://github.com/tomprogrammer/rust-ascii/pull/63/commits/8a6c7798c202766bd57d70fb8d12739dd68fb9dc
https://rustsec.org/advisories/RUSTSEC-2023-0015.html
https://github.com/advisories/GHSA-mrrw-grhq-86gf

Affected Packages

cargo:ascii

Versions: >= 0.6.0, < 0.9.3
Fixed in: 0.9.3