PT-2021-21994 · Anymap+1

Published: 2021-05-07 · Updated: 2021-08-25 · CVE-2021-38187

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: anymap crate versions prior to 0.12.1
Description: The anymap crate contains a soundness bug caused by the conversion of a *u8 to a *u64. The crate does not appear to be maintained, and the most recent published version, 0.12.1, includes this soundness bug.
Recommendations: For anymap crate versions prior to 0.12.1, consider updating to a manually patched version that includes the fix for the soundness bug, as the official fix was never released. As a temporary workaround, consider restricting the use of the anymap crate until a properly maintained version is available.

Exploit

Fix

Incorrect Type Conversion or Cast


Weakness Enumeration

Related Identifiers

CVE-2021-38187
GHSA-HC92-9H3M-C39J
RUSTSEC-2021-0065

Affected Products

Debian
Anymap