CVE-2021-38190

Name of the Vulnerable Software and Affected Versions: nalgebra crate versions prior to 0.27.1

Description: The issue allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count. This is due to the Deserialize implementation for VecStorage not maintaining the invariant that the number of elements must equal nrows * ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.

Recommendations: For versions prior to 0.27.1, update to version 0.27.1 or later to resolve the issue. As a temporary workaround, consider adding error checking during deserialization to ensure the number of elements matches the expected size, similar to the correction made in commit 5bff536. Restrict deserialization of untrusted inputs to minimize the risk of exploitation.