Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNTc5LTl3cDktZ2ZwMs4AArsw
Window can read out of bounds if Read instance returns more bytes than buffer size
rdiff
performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read
instance to set the length of its internal character vector.
If the Read
implementation claims that it has read more bytes than the length of the provided buffer, the length of the vector will be set to longer than its capacity. This causes rdiff
APIs to return uninitialized memory in its API
methods.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNTc5LTl3cDktZ2ZwMs4AArsw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 11 months ago
Identifiers: GHSA-q579-9wp9-gfp2
References:
- https://github.com/dyule/rdiff/issues/3
- https://rustsec.org/advisories/RUSTSEC-2021-0094.html
- https://github.com/advisories/GHSA-q579-9wp9-gfp2
Blast Radius: 0.0
Affected Packages
cargo:rdiff
Dependent packages: 1Dependent repositories: 1
Downloads: 3,545 total
Affected Version Ranges: <= 0.1.2
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2