From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 01 09:47:59 2021 Received: (at submit) by debbugs.gnu.org; 1 Apr 2021 13:48:00 +0000 Received: from localhost ([127.0.0.1]:56726 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRxfz-0004Ug-Mv for submit@debbugs.gnu.org; Thu, 01 Apr 2021 09:47:59 -0400 Received: from lists.gnu.org ([209.51.188.17]:50678) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRxfx-0004UY-VJ for submit@debbugs.gnu.org; Thu, 01 Apr 2021 09:47:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47438) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRxfx-0006Gl-Ns for bug-guix@gnu.org; Thu, 01 Apr 2021 09:47:57 -0400 Received: from mail.zaclys.net ([178.33.93.72]:32827) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRxfu-0007M8-RB for bug-guix@gnu.org; Thu, 01 Apr 2021 09:47:57 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 131DlpYx053283 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 1 Apr 2021 15:47:51 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 131DlpYx053283 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617284871; bh=AOx7hLq3/HVp10BiqVhCqHZimzDa8tkfv1jXRLzh4aQ=; h=Subject:From:To:Date:From; b=nyMIV6Gd7owLW7/xT8AxvCzRZSFjoTmxkGS0qpd0axZOkYSlURZYMrv68PzIQmnUP 7bBaNG8LRbVZiGDLOcuhUvJVGrNERctB8CioI8m/JrDZOdKvnq1pYRfGEd0Ivf6Vy+ GfzGFqhx/GaxQmlfzooKBbruDUhtlfKPCLqN/VWA= Message-ID: <5880a0d2db58bae9f641e746f405fe4cd0e1bca3.camel@zaclys.net> Subject: rust-stackvector package is vulnerable to CVE-2021-29939 From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: bug-guix@gnu.org Date: Thu, 01 Apr 2021 15:47:51 +0200 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-SU+WlSjaF+Im5/dcf13Q" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@zaclys.net; helo=mail.zaclys.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.4 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: CVE-2021-29939 07:15 An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. No fix released upstream yet: https://github.com/Alexhuszagh/rust-stackvector/issues/2 Content analysis details: (1.4 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [209.51.188.17 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [209.51.188.17 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-SU+WlSjaF+Im5/dcf13Q Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable CVE-2021-29939 07:15 An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. No fix released upstream yet:=20 https://github.com/Alexhuszagh/rust-stackvector/issues/2 Out of bounds write sounds like it could have dangerous consequences, not sure how likely is "size_hint provides certain anomalous data" though. --=-SU+WlSjaF+Im5/dcf13Q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBlzwcACgkQRaix6GvN EKazwA//ZG+U8hJ1tuaHCCzjr9Dn5hcEF2KDVF9qFTYU9E+8t6xb7vlOJY8BaKRU vH5mun34RYDl1b1VnQ1n1XOmk29cZyU1xa8w2Wv4LIjD7ByjyfqVQ4p64AODEAX/ Evg8V8CBx176ANgcVYqC0d1QlBVkyEMvs54qDk+WxGqLWrxzPPgyPQvoGl7ZT6M2 5aqXUMDwvL0HVGSMr3NiI00s5uAmY1STKNUktGu7APmdMAZj9Zd96NNOiZGRgn0b wZ0I0t7NrUNNam4RjGYYc7quyHJVZFD107R3eEbN7BX4AyZm9LXuTwxa/EALBQyD SizLRGmjs3/70IQln7u78PU7FTzAQe6RIDxMEqB+jQMrFC8xZ8ltiuG+FCtWhrzN l4OfoCLZjAwCxW2P3RGeF6YxmMrfAIBTXaTUWQHBO3sMRRmmWX3yr5ozo+2bgWpr Yc1TmkGgkHE3bENNMGnXp5G7+hyd+DS/0iIB+TL7gNT0FnzrXfoF2neU+1o6hHkt UfJ7oCd46Ss2P7KTB7UMPVKLofeXclPP+b+W2M0c8RQkNr3EDzT6PX3ugrA2ASEP SL/G5icXR1I0R7kQKe5+dl358O+jesWcY1JlkW52O32ka+SUcZ9lKaCEbzHwGUDw ri7j0w2m+8lVt1/ebjQSJsCbOrbosUSwEIjDzAtjP4PF+gxBmcQ= =oBOJ -----END PGP SIGNATURE----- --=-SU+WlSjaF+Im5/dcf13Q--