CVE-2017-1000430 – base64

Package

Manager: cargo
Name: base64
Vulnerable Version: >=0 <0.5.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00476 pctl0.63966

Details

Integer overflow in base64 Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the `encode_config_buf` and `encode_config` functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this function writes to the buffer using unsafe code, it would allow an attacker to write beyond the buffer, causing memory corruption and possibly the execution of arbitrary code. This flaw was corrected by using checked arithmetic to calculate the size of the buffer.

Metadata

Created: 2021-08-25T20:55:27Z
Modified: 2021-08-19T17:02:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-x67x-vg9m-65c3/GHSA-x67x-vg9m-65c3.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-x67x-vg9m-65c3
Finding: F316
Auto approve: 1