rustsec-2022-0070
Vulnerability from osv_rustsec
Because of incorrect bounds on method Secp256k1::preallocated_gen_new it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator.
The method takes a place for storing the context as a mutable reference and returns context containing that reference. Because the code internally uses unsafe and the bounds were incorrect it was possible to create a context that outlived the passed reference (e.g. 'static). Because the context can alternatively carry heap-allocated pointer freed on drop it was possible to "deallocate" a pointer that wasn't returned from appropriate allocator. The code decides whether to free the memory based on type parameter but because of missing bound it was possible to construct the context with invalid parameter.
You are unaffected if you either
- don't call
Secp256k1::preallocated_gen_new - manually checked that your usage of the method is sound
- upgraded to the patched version of
secp256k1(recommended)
The patched version uses correct bounds which means it is API-breaking. This effectively means adopting the policy of Rust lang itself allowing API-breaking changes to fix soundness bugs. Note however that valid straightforward usage of the code will continue to compile. Only unsound code or code that propagates the bound in custom generics will fail to compile. If the code is sound fixing the bounds should be sufficient to make the code compile.
See the GitHub issue for example "exploit" code and further discussion.
{
"affected": [
{
"database_specific": {
"categories": [
"memory-corruption"
],
"cvss": null,
"informational": "unsound"
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"secp256k1::Secp256k1::preallocated_gen_new"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "secp256k1",
"purl": "pkg:cargo/secp256k1"
},
"ranges": [
{
"events": [
{
"introduced": "0.14.0"
},
{
"fixed": "0.22.2"
},
{
"introduced": "0.23.0"
},
{
"fixed": "0.23.5"
},
{
"introduced": "0.24.0"
},
{
"fixed": "0.24.2"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"GHSA-969w-q74q-9j8v"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to \"free\" memory not allocated by the appropriate allocator.\n\nThe method takes a place for storing the context as a mutable reference and returns context containing that reference. Because the code internally uses `unsafe` and the bounds were incorrect it was possible to create a context that outlived the passed reference (e.g. `\u0027static`). Because the context can alternatively carry heap-allocated pointer freed on drop it was possible to \"deallocate\" a pointer that wasn\u0027t returned from appropriate allocator. The code decides whether to free the memory based on type parameter but because of missing bound it was possible to construct the context with invalid parameter.\n\nYou are unaffected if you either\n\n* don\u0027t call `Secp256k1::preallocated_gen_new`\n* manually checked that your usage of the method is sound\n* upgraded to the patched version of `secp256k1` (recommended)\n\nThe patched version uses correct bounds which means it is API-breaking. This effectively means adopting the policy of Rust lang itself allowing API-breaking changes to fix soundness bugs. Note however that valid straightforward usage of the code will continue to compile. Only unsound code or code that propagates the bound in custom generics will fail to compile. If the code is sound fixing the bounds should be sufficient to make the code compile.\n\nSee the [GitHub issue](https://github.com/rust-bitcoin/rust-secp256k1/issues/543) for example \"exploit\" code and further discussion.",
"id": "RUSTSEC-2022-0070",
"modified": "2023-06-13T13:10:24Z",
"published": "2022-11-30T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/secp256k1"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0070.html"
},
{
"type": "REPORT",
"url": "https://github.com/rust-bitcoin/rust-secp256k1/issues/543"
},
{
"type": "WEB",
"url": "https://github.com/rust-bitcoin/rust-secp256k1/pull/548"
}
],
"related": [],
"severity": [],
"summary": "Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.