GHSA-g23h-7vf9-xc25 – mimalloc

Package

Manager: cargo
Name: mimalloc
Vulnerable Version: >=0 <0.1.39

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

EPSS: N/A pctlN/A

Details

Mimalloc Can Allocate Memory with Bad Alignment This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator's logic changed, making it break this promise. This caused this crate to return memory with an incorrect alignment for some allocations, particularly those with large alignments. The flaw was fixed by always using the aligned allocation functions.

Metadata

Created: 2024-11-12T21:21:36Z
Modified: 2024-11-12T21:21:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-g23h-7vf9-xc25/GHSA-g23h-7vf9-xc25.json
CWE IDs: []
Alternative ID: N/A
Finding: F138
Auto approve: 1