GHSA-h3mf-4fwp-59c7 – nalgebra

Package

Manager: cargo
Name: nalgebra
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

VecStorage Deserialize Allows Violation of Length Invariant The `Deserialize` implementation for `VecStorage` did not maintain the invariant that the number of elements must equal `nrows * ncols`. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 ([`086e6e`](https://github.com/dimforge/nalgebra/commit/086e6e719f53fecba6dadad2e953a487976387f5)) due to the addition of an automatically derived implementation of `Deserialize` for `MatrixVec`. `MatrixVec` was later renamed to `VecStorage` in v0.16.13 ([`0f66403`](https://github.com/dimforge/nalgebra/commit/0f66403cbbe9eeac15cedd8a906c0d6a3d8841f2)) and continued to use the automatically derived implementation of `Deserialize`. This flaw was corrected in commit [`5bff536`](https://github.com/dimforge/nalgebra/commit/5bff5368bf38ddfa31416e4ae9897b163031a513) by returning an error during deserialization if the number of elements does not exactly match the expected size.

Metadata

Created: 2021-08-05T19:58:06Z
Modified: 2021-08-24T18:08:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-h3mf-4fwp-59c7/GHSA-h3mf-4fwp-59c7.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0