CVE-2023-28448

Name of the Vulnerable Software and Affected Versions versionize versions 0.1.1 through 0.1.9

Description An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmm sys util::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The issue was corrected by inserting a check that verifies the lengths of compared flexible arrays are equal and aborts deserialization otherwise.

Recommendations For versionize versions 0.1.1 through 0.1.9, update to version 0.1.10 or later to resolve the issue. As a temporary workaround, consider disabling the Versionize::deserialize function for vmm sys util::fam::FamStructWrapper until a patch is available. Restrict access to the vulnerable versionize crate to minimize the risk of exploitation.