GHSA-3W8G-XR3F-2MP8

Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-24 18:08
VLAI?
Summary
Out of bounds write in nalgebra
Details

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows * ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.

This flaw was introduced in v0.11.0 (086e6e) due to the addition of an automatically derived implementation of Deserialize for MatrixVec. MatrixVec was later renamed to VecStorage in v0.16.13 (0f66403) and continued to use the automatically derived implementation of Deserialize.

Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "nalgebra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.27.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-38190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-18T21:30:58Z",
    "nvd_published_at": "2021-08-08T06:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The `Deserialize` implementation for `VecStorage` did not maintain the invariant that the number of elements must equal `nrows * ncols`. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.\n\nThis flaw was introduced in v0.11.0 ([`086e6e`](https://github.com/dimforge/nalgebra/commit/086e6e719f53fecba6dadad2e953a487976387f5)) due to the addition of an automatically derived implementation of `Deserialize` for `MatrixVec`. `MatrixVec` was later renamed to `VecStorage` in v0.16.13 ([`0f66403`](https://github.com/dimforge/nalgebra/commit/0f66403cbbe9eeac15cedd8a906c0d6a3d8841f2)) and continued to use the automatically derived implementation of `Deserialize`.",
  "id": "GHSA-3w8g-xr3f-2mp8",
  "modified": "2021-08-24T18:08:59Z",
  "published": "2021-08-25T20:55:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38190"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dimforge/nalgebra/issues/883"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dimforge/nalgebra/pull/889"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dimforge/nalgebra/commit/a803271fcce75b7c151e92aa099dfa546db4adc5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dimforge/nalgebra"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dimforge/nalgebra/blob/dev/CHANGELOG.md#0270"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0070.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Out of bounds write in nalgebra"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.