PT-2019-14266 · Rust · Simdjson

Published: 2019-06-24 · Updated: 2021-08-25 · CVE-2019-15550

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

simd-json crate versions prior to 0.1.15

Description

The issue is an out-of-bounds read that can incorrectly cross a page boundary, which can lead to a segmentation fault when parsing strings. It occurs because the affected versions of the crate do not guard against accessing memory beyond the range of their input data. Specifically, a pointer cast used to read data into a 256-bit register causes the problem when the end of the read overlaps into the next page. This allows an attacker to potentially crash a service.

Recommendations

For versions prior to 0.1.15, update to version 0.1.15 or later, which includes a fix that uses a padding buffer for the last read from the input to prevent reading over the boundary of the input data.
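
The padding-buffer approach named in the recommendation, sketched as an added example (not code from the simd-json crate). The function names are hypothetical, and a `[u8; 32]` array stands in for the 256-bit register so the example runs on any target.

```rust
// Added illustration; function names are hypothetical, not simd-json's API.
const LANE: usize = 32; // bytes in one 256-bit register

/// Return the 32 bytes at `offset` without reading outside `input`.
/// The unsafe pattern the advisory describes is a pointer cast such as
/// `_mm256_loadu_si256(input.as_ptr().add(offset) as *const __m256i)`,
/// which always reads 32 bytes, even when fewer remain before the end.
fn load_block(input: &[u8], offset: usize) -> [u8; LANE] {
    let mut block = [0u8; LANE]; // zero padding for a short tail
    let tail = input.get(offset..).unwrap_or(&[]);
    let n = tail.len().min(LANE);
    block[..n].copy_from_slice(&tail[..n]);
    block
}

/// Index of the first `"` or `\` at or after `start`, scanning one
/// 32-byte block at a time the way a SIMD string scanner does.
fn find_quote_or_backslash(input: &[u8], start: usize) -> Option<usize> {
    let mut offset = start;
    while offset < input.len() {
        let block = load_block(input, offset);
        let valid = (input.len() - offset).min(LANE);
        // Bit i is set when byte i of the block is a byte of interest.
        let mut mask: u32 = 0;
        for (i, &b) in block.iter().enumerate() {
            if b == b'"' || b == b'\\' {
                mask |= 1u32 << i;
            }
        }
        // Ignore lanes that hold padding rather than input.
        if valid < LANE {
            mask &= (1u32 << valid) - 1;
        }
        if mask != 0 {
            return Some(offset + mask.trailing_zeros() as usize);
        }
        offset += LANE;
    }
    None
}

fn main() {
    // Constructed input: 40 bytes, so the second block has only 8 valid bytes.
    let mut input = vec![b'a'; 40];
    input[35] = b'"';
    println!("{:?}", find_quote_or_backslash(&input, 0));
}
```

Only the final, short block pays for the copy; full blocks in a real SIMD scanner can still be loaded directly because all 32 bytes lie inside the input.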

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2019-15550
GHSA-GWFJ-PW2X-H6C2
RUSTSEC-2019-0008

Affected Products

Simdjson