PT-2021-24271 · Molecule · Molecule

Published: 2021-07-30 · Updated: 2022-01-10 · CVE-2021-45697

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: molecule crate versions prior to 0.7.2
Description: An issue in the molecule crate for Rust causes the total_size(..) function to return an incorrect result when it is used to partially read the length of any FixVec, due to an incorrect implementation.
Recommendations: For versions prior to 0.7.2, update to version 0.7.2 to resolve the issue. As a temporary workaround, if the whole FixVec A is already available, use A.as_slice().len() to get its total size.
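
An added example, not code from the molecule project or from this advisory: a stand-alone Rust check that derives a FixVec's total size from its 4-byte header and compares it with the full buffer length, the value the workaround relies on. The layout used (a little-endian u32 item count followed by fixed-size items) is taken from the molecule encoding specification; the function names and the sample buffer are constructed for illustration.

```rust
// Added illustration; does not use the molecule crate.
// Layout assumption (molecule encoding spec): a FixVec is a u32
// little-endian item count followed by count * item_size bytes.
const NUMBER_SIZE: usize = 4;

/// Expected total size of a FixVec, computed from its header alone.
/// Returns None on a short header or on arithmetic overflow.
fn fixvec_total_size(header: &[u8], item_size: usize) -> Option<usize> {
    let h = header.get(..NUMBER_SIZE)?;
    let count = u32::from_le_bytes([h[0], h[1], h[2], h[3]]) as usize;
    count.checked_mul(item_size)?.checked_add(NUMBER_SIZE)
}

/// Cross-check for when the whole buffer is available: the size implied
/// by the header must equal the slice length.
fn verify_fixvec(buf: &[u8], item_size: usize) -> Result<usize, String> {
    let expected = fixvec_total_size(buf, item_size)
        .ok_or_else(|| "header too short or size overflows".to_string())?;
    if expected != buf.len() {
        return Err(format!(
            "header implies {} bytes, buffer has {}",
            expected,
            buf.len()
        ));
    }
    Ok(expected)
}

/// Constructed sample: a FixVec of `count` zeroed items of `item_size` bytes.
fn sample_fixvec(count: u32, item_size: usize) -> Vec<u8> {
    let mut v = count.to_le_bytes().to_vec();
    v.resize(NUMBER_SIZE + count as usize * item_size, 0);
    v
}

fn main() {
    let buf = sample_fixvec(3, 8);
    println!("partial read: {:?}", fixvec_total_size(&buf[..4], 8));
    println!("full check:   {:?}", verify_fixvec(&buf, 8));
    println!("truncated:    {:?}", verify_fixvec(&buf[..20], 8));
}
```

A mismatch between the header-derived size and the buffer length should be treated as a parse error rather than trusted for allocation or slicing.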


Related Identifiers

CVE-2021-45697
GHSA-6P3C-V8VC-C244
GHSA-82HM-VH7G-HRH9
RUSTSEC-2021-0103

Affected Products

Molecule