rust-stackvector package is vulnerable to CVE-2021-29939

Done
Submitted by Léo Le Bouter.
Details
2 participants
  • Léo Le Bouter
  • zimoun
Owner
unassigned
Severity
normal
Léo Le Bouter wrote on 1 Apr 15:47 +0200
(address . bug-guix@gnu.org)
5880a0d2db58bae9f641e746f405fe4cd0e1bca3.camel@zaclys.net
CVE-2021-29939 07:15
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.
No fix released upstream yet: https://github.com/Alexhuszagh/rust-stackvector/issues/2
Out of bounds write sounds like it could have dangerous consequences, not sure how likely is "size_hint provides certain anomalous data" though.

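The bug class described in the report above, as an added example that is not code from the stackvector crate or from this thread: a toy fixed-capacity vector (FixedVec, an assumed name, not StackVec) whose extend re-checks capacity on every push, so an iterator whose size_hint under-reports its real length is truncated instead of written past the buffer; LyingHint is a constructed iterator that exercises exactly that case.

```rust
// Added example, not the stackvector crate's code: a fixed-capacity vector
// whose extend never trusts Iterator::size_hint. The Iterator contract makes
// size_hint advisory only; it must never be the sole bound on a memory write.

/// Toy fixed-capacity vector stored inline (assumed type, not StackVec).
pub struct FixedVec<T, const N: usize> {
    buf: [Option<T>; N],
    len: usize,
}

impl<T, const N: usize> FixedVec<T, N> {
    pub fn new() -> Self {
        FixedVec { buf: std::array::from_fn(|_| None), len: 0 }
    }
    pub fn len(&self) -> usize { self.len }

    /// Push one element, refusing (Err) instead of writing past the buffer.
    pub fn try_push(&mut self, v: T) -> Result<(), T> {
        if self.len >= N { return Err(v); }
        self.buf[self.len] = Some(v);
        self.len += 1;
        Ok(())
    }

    /// Extend from any iterator. Capacity is re-checked on every push, so a
    /// size_hint that under-reports the real length cannot become an
    /// out-of-bounds write. Returns how many elements did not fit.
    pub fn extend_checked<I: IntoIterator<Item = T>>(&mut self, iter: I) -> usize {
        let mut dropped = 0;
        for v in iter {
            if self.try_push(v).is_err() {
                dropped += 1;
            }
        }
        dropped
    }
}

/// Constructed iterator that lies: size_hint claims at most one item, but
/// next() really yields `remaining` items (the "anomalous data" case).
pub struct LyingHint { pub remaining: usize }

impl Iterator for LyingHint {
    type Item = u8;
    fn next(&mut self) -> Option<u8> {
        if self.remaining == 0 { return None; }
        self.remaining -= 1;
        Some(0x41)
    }
    fn size_hint(&self) -> (usize, Option<usize>) { (0, Some(1)) }
}
```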
Léo Le Bouter wrote on 1 Apr 15:48 +0200
(address . control@debbugs.gnu.org)
06f7440304edd37fb4282849db818c23805c7229.camel@zaclys.net
tags 47542 + security
quit

zimoun wrote on 28 Jun 10:06 +0200
(name . Léo Le Bouter)(address . lle-bout@zaclys.net)(address . 47542@debbugs.gnu.org)
86y2aufm6l.fsf@gmail.com
Hi,
On Thu, 01 Apr 2021 at 15:47, Léo Le Bouter <lle-bout@zaclys.net> wrote:
> CVE-2021-29939 07:15
> An issue was discovered in the stackvector crate through 2021-02-19 for
> Rust. There is an out-of-bounds write in StackVec::extend if size_hint
> provides certain anomalous data.
>
> No fix released upstream yet:
> https://github.com/Alexhuszagh/rust-stackvector/issues/2
>
> Out of bounds write sounds like it could have dangerous consequences,
> not sure how likely is "size_hint provides certain anomalous data"
> though.
Thanks for the report.
Commit 015cd2e86e779907085d356c69b6091dc8ac1788 updating to 1.1.1 should fix the security issue; as upstream said. So, closing.
All the best,
simon
zimoun wrote on 28 Jun 10:06 +0200
control message for bug #47542
(address . control@debbugs.gnu.org)
86wnqefm6f.fsf@gmail.com
tags 47542 fixed
close 47542
quit