PT-2019-14259 · Rust · Slice-Deque

Published: 2019-05-07 · Updated: 2021-08-25 · CVE-2019-15543

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

slice-deque crate versions prior to 0.2.0

Description

The issue is related to memory corruption in certain allocation cases. Affected versions of the crate can enter a corrupted state if the size of an element is not a multiple of the allocation granularity and a specific allocation pattern is used, allowing an attacker to corrupt the deque. This can result in undefined behavior, such as reading bytes from adjacent elements. The flaw was corrected by using a pair of pointers to track the head and tail of the deque instead of a pair of indices.

Recommendations

For versions prior to 0.2.0, update to version 0.2.0 or later, which uses a pair of pointers to track the head and tail of the deque, correcting the flaw.
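
An added example (not part of the advisory and not code from the slice-deque project): a std-only Rust check that scans Cargo.lock text for slice-deque entries prior to 0.2.0, the affected range stated above. The function names, the sample lockfile and its version numbers are constructed for illustration.

```rust
// Added example: flag slice-deque entries prior to 0.2.0 in Cargo.lock text.
// Function names and the sample lockfile are constructed for illustration.

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into (numeric core, has_pre_release).
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let no_build = v.split('+').next()?;
    let (nums, pre) = match no_build.split_once('-') {
        Some((n, _)) => (n, true),
        None => (no_build, false),
    };
    let mut it = nums.split('.').map(|p| p.parse::<u64>());
    let t = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { return None; }
    Some((t, pre))
}

/// True for versions prior to 0.2.0; a 0.2.0 pre-release also sorts before 0.2.0.
fn is_affected(v: &str) -> bool {
    match parse_version(v) {
        Some((nums, pre)) => nums < (0, 2, 0) || (nums == (0, 2, 0) && pre),
        None => true, // unparseable version: report it for manual review
    }
}

/// Return the affected slice-deque versions listed in a Cargo.lock text.
fn affected_slice_deque(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        // First `key = "value"` line with the given key inside this package block.
        let field = |key: &str| block.lines().find_map(|l| {
            let (k, v) = l.split_once('=')?;
            (k.trim() == key).then(|| v.trim().trim_matches('"').to_string())
        });
        if field("name").as_deref() == Some("slice-deque") {
            hits.extend(field("version").filter(|v| is_affected(v)));
        }
    }
    hits
}

// Constructed sample lockfile (versions chosen only to exercise both outcomes).
const SAMPLE_LOCK: &str = "[[package]]\nname = \"demo-app\"\nversion = \"0.1.0\"\n\
[[package]]\nname = \"slice-deque\"\nversion = \"0.1.16\"\n\
[[package]]\nname = \"slice-deque\"\nversion = \"0.2.4\"\n";

fn main() {
    for v in affected_slice_deque(SAMPLE_LOCK) {
        println!("slice-deque {} is prior to 0.2.0: update to 0.2.0 or later", v);
    }
}
```

A lockfile can list the same crate at several versions, so every package block is checked rather than stopping at the first match.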

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-15543
GHSA-C3M3-C39Q-PV23
RUSTSEC-2019-0002

Affected Products

Slice-Deque