Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaG0tdmg3Zy1ocmg5

Partial read is incorrect in molecule

Impact

Anyone who uses total_size(..) function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.

Workarounds

If you already have the whole FixVec A, you can use A.as_slice().len() to get the total size of the FixVec.

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-82hm-vh7g-hrh9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaG0tdmg3Zy1ocmg5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago


Identifiers: GHSA-82hm-vh7g-hrh9
References: Repository: https://github.com/nervosnetwork/molecule
Blast Radius: 0.0

Affected Packages

cargo:molecule
Dependent packages: 15
Dependent repositories: 136
Downloads: 433,320 total
Affected Version Ranges: < 0.7.2
Fixed in: 0.7.2
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.2.5, 0.3.0, 0.3.1, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1
All unaffected versions: 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.8.0