PT-2020-17493 · Rust · Bumpalo

Published

2020-03-24

·

Updated

2021-08-25

·

CVE-2020-35861

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

bumpalo crate versions prior to 3.2.1
Description

The bumpalo crate before 3.2.1 can read memory outside the allocation being reallocated, because of a bug in its realloc implementation. When a reallocation has to move the data into new space, the copy uses the new size instead of the old size as its length, so up to (new size minus old size) bytes beyond the end of the old allocation are read and written into the new one. A caller that can trigger such reallocs and then read the reallocated data back may recover whatever happened to sit next to the old allocation in the bump arena, for example cryptographic keys.
Recommendations

Update bumpalo to version 3.2.1 or later, where the realloc copy is bounded by the old allocation's size. If an immediate upgrade is not possible, avoid code paths that reallocate through the bump allocator (for instance growing or shrinking bumpalo collections). To confirm whether a build is affected, exercise realloc via bumpalo::collections::Vec::resize and bumpalo::collections::Vec::shrink_to_fit in a test and run the test binary under valgrind with --error-exitcode=1, so that invalid reads and writes fail the CI job instead of only being logged.
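The over-read described above and the one-line fix, as an added example that is not bumpalo's own code: a toy bump arena backed by a plain Vec<u8> (so the bad read stays in safe Rust and lands on a constructed "secret" placed right after the buffer, instead of being undefined behaviour). The Arena type, its methods and the sample data are assumptions made for this illustration; bumpalo 3.x actually bumps downward within a chunk, but the effect of copying new_size rather than old_size bytes is the same: whatever memory follows the old allocation ends up in the caller's new buffer.

```rust
// Added example, not bumpalo's code: a toy bump arena that reproduces the
// realloc over-read from the advisory and shows the corrected copy length.
struct Arena {
    chunk: Vec<u8>,
    next: usize, // bump pointer: offset of the next free byte in the chunk
}

impl Arena {
    fn new(size: usize) -> Self {
        Arena { chunk: vec![0u8; size], next: 0 }
    }

    // Hand out `size` bytes from the chunk; returns the allocation's offset.
    fn alloc(&mut self, size: usize) -> usize {
        assert!(self.next + size <= self.chunk.len(), "arena chunk exhausted");
        let off = self.next;
        self.next += size;
        off
    }

    fn write(&mut self, off: usize, data: &[u8]) {
        self.chunk[off..off + data.len()].copy_from_slice(data);
    }

    // Grow-and-move path of realloc: allocate new space and copy `copy_len`
    // bytes from the old allocation (stands in for ptr::copy_nonoverlapping).
    fn realloc_move(&mut self, old_off: usize, copy_len: usize, new_size: usize) -> usize {
        let new_off = self.alloc(new_size);
        self.chunk.copy_within(old_off..old_off + copy_len, new_off);
        new_off
    }

    // Pre-3.2.1 behaviour: copies new_size bytes, so new_size - old_size bytes
    // past the end of the old allocation are read into the new buffer.
    fn realloc_vulnerable(&mut self, old_off: usize, _old_size: usize, new_size: usize) -> usize {
        self.realloc_move(old_off, new_size, new_size)
    }

    // 3.2.1 behaviour: copy only the bytes that belonged to the old allocation.
    fn realloc_fixed(&mut self, old_off: usize, old_size: usize, new_size: usize) -> usize {
        self.realloc_move(old_off, old_size.min(new_size), new_size)
    }
}

// Constructed scenario: an 8-byte buffer is allocated, then a 16-byte key is
// allocated right after it, then the buffer is grown to 24 bytes.
// Returns the contents of the grown buffer as the caller would see them.
pub fn grow_buffer(vulnerable: bool) -> Vec<u8> {
    let mut arena = Arena::new(64);

    let buf = arena.alloc(8);
    arena.write(buf, b"AAAAAAAA");

    let key = arena.alloc(16);
    arena.write(key, b"SECRET-KEY-BYTES"); // constructed sensitive data

    let new_buf = if vulnerable {
        arena.realloc_vulnerable(buf, 8, 24)
    } else {
        arena.realloc_fixed(buf, 8, 24)
    };
    arena.chunk[new_buf..new_buf + 24].to_vec()
}

// True if the reallocated buffer contains the neighbouring key material.
pub fn leaks_key(vulnerable: bool) -> bool {
    grow_buffer(vulnerable).windows(16).any(|w| w == b"SECRET-KEY-BYTES")
}

fn main() {
    println!("vulnerable realloc: {:?}", String::from_utf8_lossy(&grow_buffer(true)));
    println!("fixed realloc:      {:?}", String::from_utf8_lossy(&grow_buffer(false)));
    assert!(leaks_key(true) && !leaks_key(false));
}
```

Against the real crate the same condition is not observable from safe code; that is why the advisory's detection route is a test that drives bumpalo::collections::Vec::resize and shrink_to_fit under valgrind with --error-exitcode=1, which reports the copy's source range as an invalid read.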

Weakness Enumeration

Out-of-bounds Read (CWE-125)

Related Identifiers

CVE-2020-35861
GHSA-VQX7-PW4R-29RR
RUSTSEC-2020-0006

Affected Products

Bumpalo