Headline
GHSA-x3f4-45xf-rjm7: `ruzstd` uninit and out-of-bounds memory reads
Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copy_bytes_overshooting of up to 15 bytes.
This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.
Package
cargo ruzstd (Rust)
Affected versions
>= 0.7.0, < 0.7.3
Patched versions
0.7.3
Description
Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copy_bytes_overshooting of up to 15 bytes.
This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.
References
- KillingSpark/zstd-rs#75
- KillingSpark/zstd-rs#76
- https://rustsec.org/advisories/RUSTSEC-2024-0400.html
Published to the GitHub Advisory Database
Dec 2, 2024
Reviewed
Dec 2, 2024