Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaG0tdmg3Zy1ocmg5
Partial read is incorrect in molecule
Impact
Anyone who uses the total_size(..) function to partially read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.
Workarounds
If you already have the whole FixVec A, you can use A.as_slice().len() to get the total size of the FixVec.
For more information
If you have any questions or comments about this advisory:
Permalink: https://github.com/advisories/GHSA-82hm-vh7g-hrh9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaG0tdmg3Zy1ocmg5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-82hm-vh7g-hrh9
References:
- https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9
- https://github.com/nervosnetwork/molecule/pull/49
- https://rustsec.org/advisories/RUSTSEC-2021-0103.html
- https://github.com/advisories/GHSA-82hm-vh7g-hrh9
Blast Radius: 0.0
Affected Packages
cargo:molecule
Dependent packages: 15
Dependent repositories: 136
Downloads: 421,118 total
Affected Version Ranges: < 0.7.2
Fixed in: 0.7.2
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.2.5, 0.3.0, 0.3.1, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1
All unaffected versions: 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.8.0