Vm-Memory · Vm-Memory · CVE-2023-41051
**Name of the Vulnerable Software and Affected Versions**
vm-memory versions 0.1.0 through 0.12.1
**Description**
An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm-memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation.
**Recommendations**
To resolve the issue, upgrade to version 0.12.2 or later, which includes a check that verifies the `VolatileSlice` returned by `get_slice` is of the correct length.
As a temporary workaround, consider adding a custom check to verify the length of the `VolatileSlice` returned by `get_slice` before using it with the `VolatileMemory` trait functions.
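
The length check described above, as an added example that is not vm-memory's own code: it models the pattern with a simplified safe-Rust stand-in, so the `Memory` trait, `get_slice_checked`, `read_u32`, `Strict` and `Clamping` are all hypothetical names, and byte slices stand in for `VolatileSlice`. A custom implementation that truncates instead of failing is rejected by the check before any default accessor trusts `count`.

```rust
// Simplified stand-in for the VolatileMemory pattern; NOT vm-memory's real API.
#[derive(Debug, PartialEq)]
pub enum Error { OutOfBounds, ShortSlice { expected: usize, got: usize } }

pub trait Memory {
    /// Contract: on success the returned slice is exactly `count` bytes long.
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error>;

    /// Hypothetical wrapper: verify the contract before trusting `count`.
    fn get_slice_checked(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let s = self.get_slice(offset, count)?;
        if s.len() != count {
            return Err(Error::ShortSlice { expected: count, got: s.len() });
        }
        Ok(s)
    }

    /// Default accessor that only ever sees a length-verified slice.
    fn read_u32(&self, offset: usize) -> Result<u32, Error> {
        let s = self.get_slice_checked(offset, 4)?;
        Ok(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
    }
}

/// Conforming implementation: fails when the requested range does not fit.
pub struct Strict(pub Vec<u8>);
impl Memory for Strict {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let end = offset.checked_add(count).ok_or(Error::OutOfBounds)?;
        self.0.get(offset..end).ok_or(Error::OutOfBounds)
    }
}

/// Non-conforming implementation (constructed): silently truncates the range.
pub struct Clamping(pub Vec<u8>);
impl Memory for Clamping {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let start = offset.min(self.0.len());
        let end = offset.saturating_add(count).min(self.0.len());
        Ok(&self.0[start..end])
    }
}

fn main() {
    let data = vec![0x78, 0x56, 0x34, 0x12, 0xff]; // constructed sample bytes
    println!("strict   @3: {:?}", Strict(data.clone()).read_u32(3));
    println!("clamping @3: {:?}", Clamping(data).read_u32(3));
}
```

In the real crate the affected default functions hand out typed references backed by raw pointers, so a short slice there means out-of-bounds access rather than the panic a safe-Rust index would produce.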