PT-2021-24254 · Vec-Const · Vec-Const

Published

2021-08-14

Updated

2022-06-17

CVE-2021-45680

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: vec-const crate versions prior to 2.0.0

Description: The issue arises from attempting to construct a Vec from a pointer to a const slice, leading to memory corruption. The affected versions of the crate claimed to construct a const Vec with nonzero length and capacity, but this is not possible because such a Vec requires a pointer from an allocator. The implementation was later changed to construct a std::borrow::Cow.

Recommendations: For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider avoiding the construction of a const Vec with nonzero length and capacity until the update is applied.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-45680

GHSA-JMWX-R3GQ-QQ3P

GHSA-X76R-966H-5QV9

RUSTSEC-2021-0082

Affected Products

Vec-Const

PT-2021-24254 · Vec-Const · Vec-Const

CVE-2021-45680

Weakness Enumeration

Related Identifiers

Affected Products

References · 10