bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939

From:	Léo Le Bouter
Subject:	bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939
Date:	Thu, 01 Apr 2021 15:47:51 +0200
User-agent:	Evolution 3.34.2

CVE-2021-29939  07:15
An issue was discovered in the stackvector crate through 2021-02-19 for
Rust. There is an out-of-bounds write in StackVec::extend if size_hint
provides certain anomalous data.

No fix released upstream yet: 
https://github.com/Alexhuszagh/rust-stackvector/issues/2

Out of bounds write sounds like it could have dangerous consequences,
not sure how likely is "size_hint provides certain anomalous data"
though.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47542: rust-stackvector package is vulnerable to CVE-2021-29939, Léo Le Bouter <=

Prev by Date: bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Next by Date: bug#47472: fe: hash mismatch
Previous by thread: bug#47509: OpenEXR may be vulnerable to CVE-2021-3474, CVE-2021-3476 and CVE-2021-3475
Next by thread: bug#47472: fe: hash mismatch
Index(es):
- Date
- Thread