-
Notifications
You must be signed in to change notification settings - Fork 377
/
Copy pathRUSTSEC-2021-0027.json
70 lines (70 loc) · 2.02 KB
/
RUSTSEC-2021-0027.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
{
"id": "RUSTSEC-2021-0027",
"modified": "2023-06-13T13:10:24Z",
"published": "2021-01-07T12:00:00Z",
"aliases": [
"CVE-2021-28027",
"GHSA-cpqj-r29q-chrh"
],
"related": [],
"summary": "Loading a bgzip block can write out of bounds if size overflows.",
"details": "Affected versions of `bam` set the length of an internal buffer using\n`self.compressed.set_len(block_size - HEADER_SIZE - MIN_EXTRA_SIZE)` and then\nwrote into it. While `block_size` was constrained to a proper maximum, when it\nwas too small the subtraction could overflow negatively to a large number past\nthe capacity of `self.compressed`.\n\nThis can result in memory corruption in the form of writing out of bounds when\nloading a `bgzip` file with a small `block_size`.\n\nCommit `061eee38d4` fixed this issue by checking for the underflow when setting\nthe buffer size.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "bam",
"purl": "pkg:cargo/bam"
},
"ecosystem_specific": {
"affects": {
"arch": [],
"os": [],
"functions": [
"bam::bgzip::Block::load"
]
}
},
"database_specific": {
"categories": [
"memory-corruption"
],
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"informational": null
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.1.3"
}
]
}
]
}
],
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/bam"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0027.html"
},
{
"type": "REPORT",
"url": "https://gitlab.com/tprodanov/bam/-/issues/4"
}
]
}