rustsec-2022-0034
Vulnerability from osv_rustsec
Published
2022-07-22 12:00
Modified
2022-07-25 17:19
Summary
Safety issues in `pkcs11`
Details

Impact

The interface of pkcs11 is subject to a number of safety issues, mainly related to handling of raw pointers. Despite presenting a safe interface, many of the functions and methods that rely on inputs which contain pointers (attributes and mechanisms in particular) can lead to segmentation faults and undefined behaviour when those pointers get dereferenced. For more details see the issues referenced below.

Other problems that have been identified by the community include use-after-free (mheese/rust-pkcs11#53) and unsound uses of transmute_copy (mheese/rust-pkcs11#55).

Workarounds

Users of the crate need to be extremely careful in all the calls made to avoid segmentation faults and undefined behaviour due to use of stale pointers. Whenever a pointer is derived from a value and passed to the library, that value's lifetime must be guaranteed to outlast all calls that rely on the pointer. For example, users should avoid creating or converting values within a separate scope (say, in a dedicated function), deriving a pointer, then extracting the pointer from that scope leaving the value to get dropped before passing the pointer to pkcs11.

References

To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "code-execution",
          "memory-corruption",
          "crypto-failure"
        ],
        "cvss": null,
        "informational": "unsound"
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "pkcs11",
        "purl": "pkg:cargo/pkcs11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "### Impact\n\nThe interface of `pkcs11` is subject to a number of safety issues, mainly related to handling of raw pointers. Despite presenting a safe interface, many of the functions and methods that rely on inputs which contain pointers (attributes and mechanisms in particular) can lead to segmentation faults and undefined behaviour when those pointers get dereferenced. For more details see the issues referenced below.\n\nOther problems that have been identified by the community include use-after-free ([mheese/rust-pkcs11#53](https://github.com/mheese/rust-pkcs11/pull/53)) and unsound uses of `transmute_copy` ([mheese/rust-pkcs11#55](https://github.com/mheese/rust-pkcs11/issues/55)).\n\n### Workarounds\n\nUsers of the crate need to be _extremely_ careful in all the calls made to avoid segmentation faults and undefined behaviour due to use of stale pointers. Whenever a pointer is derived from a value and passed to the library, that value\u0027s lifetime must be guaranteed to outlast all calls that rely on the pointer. For example, users should **avoid** creating or converting values within a separate scope (say, in a dedicated function), deriving a pointer, then extracting the pointer from that scope leaving the value to get dropped before passing the pointer to `pkcs11`.\n\n### References\n\n- [mheese/rust-pkcs11#38](https://github.com/mheese/rust-pkcs11/issues/38)\n- [mheese/rust-pkcs11#53](https://github.com/mheese/rust-pkcs11/pull/53)\n- [mheese/rust-pkcs11#55](https://github.com/mheese/rust-pkcs11/issues/55)\n- [mheese/rust-pkcs11#54](https://github.com/mheese/rust-pkcs11/issues/54)\n- [mheese/rust-pkcs11#50](https://github.com/mheese/rust-pkcs11/issues/50)",
  "id": "RUSTSEC-2022-0034",
  "modified": "2022-07-25T17:19:15Z",
  "published": "2022-07-22T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/pkcs11"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0034.html"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/mheese/rust-pkcs11/issues/57"
    }
  ],
  "related": [],
  "severity": [],
  "summary": "Safety issues in `pkcs11`"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.