rust-stackvector package is vulnerable to CVE-2021-29939

  • Done
  • quality assurance status badge
Details
2 participants
  • Léo Le Bouter
  • zimoun
Owner
unassigned
Submitted by
Léo Le Bouter
Severity
normal
L
L
Léo Le Bouter wrote on 1 Apr 2021 15:47
(address . bug-guix@gnu.org)
5880a0d2db58bae9f641e746f405fe4cd0e1bca3.camel@zaclys.net
CVE-2021-29939 07:15
An issue was discovered in the stackvector crate through 2021-02-19 for
Rust. There is an out-of-bounds write in StackVec::extend if size_hint
provides certain anomalous data.

No fix released upstream yet:

Out of bounds write sounds like it could have dangerous consequences,
not sure how likely is "size_hint provides certain anomalous data"
though.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBlzwcACgkQRaix6GvN
EKazwA//ZG+U8hJ1tuaHCCzjr9Dn5hcEF2KDVF9qFTYU9E+8t6xb7vlOJY8BaKRU
vH5mun34RYDl1b1VnQ1n1XOmk29cZyU1xa8w2Wv4LIjD7ByjyfqVQ4p64AODEAX/
Evg8V8CBx176ANgcVYqC0d1QlBVkyEMvs54qDk+WxGqLWrxzPPgyPQvoGl7ZT6M2
5aqXUMDwvL0HVGSMr3NiI00s5uAmY1STKNUktGu7APmdMAZj9Zd96NNOiZGRgn0b
wZ0I0t7NrUNNam4RjGYYc7quyHJVZFD107R3eEbN7BX4AyZm9LXuTwxa/EALBQyD
SizLRGmjs3/70IQln7u78PU7FTzAQe6RIDxMEqB+jQMrFC8xZ8ltiuG+FCtWhrzN
l4OfoCLZjAwCxW2P3RGeF6YxmMrfAIBTXaTUWQHBO3sMRRmmWX3yr5ozo+2bgWpr
Yc1TmkGgkHE3bENNMGnXp5G7+hyd+DS/0iIB+TL7gNT0FnzrXfoF2neU+1o6hHkt
UfJ7oCd46Ss2P7KTB7UMPVKLofeXclPP+b+W2M0c8RQkNr3EDzT6PX3ugrA2ASEP
SL/G5icXR1I0R7kQKe5+dl358O+jesWcY1JlkW52O32ka+SUcZ9lKaCEbzHwGUDw
ri7j0w2m+8lVt1/ebjQSJsCbOrbosUSwEIjDzAtjP4PF+gxBmcQ=
=oBOJ
-----END PGP SIGNATURE-----


L
L
Léo Le Bouter wrote on 1 Apr 2021 15:48
(address . control@debbugs.gnu.org)
06f7440304edd37fb4282849db818c23805c7229.camel@zaclys.net
tags 47542 + security
quit
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBlzyMACgkQRaix6GvN
EKakmw//SfXShyruJQ2+MoJTwMMDJmjbkMZqyCAP0TYGxo6S/Lxj7DqSrtdI4Tq/
UhtmViaWLjT5+61WXLUi3T3g+pLDk6Dr8c7/6CP+fII5YxexbyNGIje+omIzwZOJ
gLpTrMNwWtBz4dzpYVyABsCAALSFddy+JjdnkQh4mvRVnaqckMY+U40W4gssgA1N
i9hcwVRBQ89Zo5a1NHarwMXQeNc2158t7oK5o1JhI1W3PeEYAHX7IogFrLaO8RpO
eUc19jQrMaCg5hnSgCTpl8l9y9Vc6m0nA7UUJvrY4XOkA/X0KmrRKq5bTIIafXZH
Oewd34i2oEnyrhwxB3jxJu013D8R7aZKxGmqFShIWsenJxf0olNn2tFP/ZRYtIcW
abv/j1nOFWW7fNvFi5ZBUAxTpmYOqwAaArNtQnEfmceOYkpDVWYGBnr4IgsbaA+a
Mm5usRQJbTyY4vBh7XLaq8wB1KjHyWKU/z/k0fJeYkff7//rA2MaBJcqC+bYnHZ/
e/ITX9zqj7nlZi/wjHtXE6LTsT6G5QGcyT+vB/d4SVHsaIUJCuccCW86aZIP9Lzy
HaV5luZWoDH0A4f2Yviqj46DXRNjh3a9A4Zb1rtLIr1t64CII3weXULrMai6ZpjN
Fz61CvKW1/jmELKFoMgqURTIJ4yVqNrK+cV2SI5FDGvZbfG1J78=
=9sfG
-----END PGP SIGNATURE-----


Z
Z
zimoun wrote on 28 Jun 2021 10:06
(name . Léo Le Bouter)(address . lle-bout@zaclys.net)(address . 47542@debbugs.gnu.org)
86y2aufm6l.fsf@gmail.com
Hi,

On Thu, 01 Apr 2021 at 15:47, Léo Le Bouter <lle-bout@zaclys.net> wrote:
Toggle quote (12 lines)
> CVE-2021-29939 07:15
> An issue was discovered in the stackvector crate through 2021-02-19 for
> Rust. There is an out-of-bounds write in StackVec::extend if size_hint
> provides certain anomalous data.
>
> No fix released upstream yet:
> https://github.com/Alexhuszagh/rust-stackvector/issues/2
>
> Out of bounds write sounds like it could have dangerous consequences,
> not sure how likely is "size_hint provides certain anomalous data"
> though.

Thanks for the report.

Commit 015cd2e86e779907085d356c69b6091dc8ac1788 updating to 1.1.1 should
fix the security issue; as upstream said. So, closing.

All the best,
simon
Z
Z
zimoun wrote on 28 Jun 2021 10:06
control message for bug #47542
(address . control@debbugs.gnu.org)
86wnqefm6f.fsf@gmail.com
tags 47542 fixed
close 47542
quit
?
Your comment

This issue is archived.

To comment on this conversation send an email to 47542@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 47542
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch