GNU bug report logs - #47542
rust-stackvector package is vulnerable to CVE-2021-29939

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Thu, 1 Apr 2021 13:48:02 UTC

Severity: normal

Tags: fixed, security

Done: zimoun <zimon.toutoune <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47542 in the body.
You can then email your comments to 47542 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#47542; Package guix. (Thu, 01 Apr 2021 13:48:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Léo Le Bouter <lle-bout <at> zaclys.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 01 Apr 2021 13:48:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: bug-guix <at> gnu.org
Subject: rust-stackvector package is vulnerable to CVE-2021-29939
Date: Thu, 01 Apr 2021 15:47:51 +0200

[Message part 1 (text/plain, inline)]
CVE-2021-29939	07:15
An issue was discovered in the stackvector crate through 2021-02-19 for
Rust. There is an out-of-bounds write in StackVec::extend if size_hint
provides certain anomalous data.

No fix released upstream yet: 
https://github.com/Alexhuszagh/rust-stackvector/issues/2

Out of bounds write sounds like it could have dangerous consequences,
not sure how likely is "size_hint provides certain anomalous data"
though.

[signature.asc (application/pgp-signature, inline)]
Added tag(s) security. Request was from Léo Le Bouter <lle-bout <at> zaclys.net> to control <at> debbugs.gnu.org. (Thu, 01 Apr 2021 13:49:02 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#47542; Package guix. (Mon, 28 Jun 2021 08:07:02 GMT) Full text and rfc822 format available.

Message #10 received at 47542 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Léo Le Bouter <lle-bout <at> zaclys.net>
Cc: 47542 <at> debbugs.gnu.org
Subject: Re: bug#47542: rust-stackvector package is vulnerable to
 CVE-2021-29939
Date: Mon, 28 Jun 2021 10:06:10 +0200

Hi,

On Thu, 01 Apr 2021 at 15:47, Léo Le Bouter <lle-bout <at> zaclys.net> wrote:
> CVE-2021-29939	07:15
> An issue was discovered in the stackvector crate through 2021-02-19 for
> Rust. There is an out-of-bounds write in StackVec::extend if size_hint
> provides certain anomalous data.
>
> No fix released upstream yet:
> https://github.com/Alexhuszagh/rust-stackvector/issues/2
>
> Out of bounds write sounds like it could have dangerous consequences,
> not sure how likely is "size_hint provides certain anomalous data"
> though.

Thanks for the report.

Commit 015cd2e86e779907085d356c69b6091dc8ac1788 updating to 1.1.1 should
fix the security issue; as upstream said.  So, closing.

All the best,
simon
Added tag(s) fixed. Request was from zimoun <zimon.toutoune <at> gmail.com> to control <at> debbugs.gnu.org. (Mon, 28 Jun 2021 08:07:02 GMT) Full text and rfc822 format available.
bug closed, send any further explanations to 47542 <at> debbugs.gnu.org and Léo Le Bouter <lle-bout <at> zaclys.net> Request was from zimoun <zimon.toutoune <at> gmail.com> to control <at> debbugs.gnu.org. (Mon, 28 Jun 2021 08:07:03 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 26 Jul 2021 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 2 years and 274 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.