Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-M2PF-HPRP-3VQM
HistoryAug 25, 2021 - 8:44 p.m.

Use after free in image

2021-08-2520:44:43
CWE-416
GitHub Advisory Database
github.com
13
affected crate
vec::set_len
uninitialized vector
hdr image format
drop implementations
arbitrary code execution
breaking change
interface
pre-allocate
output buffer
unsafe code

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.8%

JSON

Affected versions of this crate would call Vec::set_len on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances.

This could run Drop implementations on uninitialized types, equivalent to use-after-free, and allow an attacker arbitrary code execution.

Two different fixes were applied. It is possible to conserve the interface by ensuring proper initialization before calling Vec::set_len. Drop is no longer called in case of panic, though.

Starting from version 0.22, a breaking change to the interface requires callers to pre-allocate the output buffer and pass a mutable slice instead, avoiding all unsafe code.

Affected configurations

Vulners
Node
imageRange0.10.20.21.3
VendorProductVersionCPE
*image*cpe:2.3:a:*:image:*:*:*:*:*:*:*:*

Related

cve 1
osv 3
cvelist 1
rustsec 1
debiancve 1
ubuntucve 1
nvd 1
prion 1
cve
cve
CVE-2019-16138
2019-09-09 12:15:10
osv
osv
Flaw in interface may drop uninitialized instance of arbitrary types
2019-08-21 12:00:00
CVE-2019-16138
2019-09-09 12:15:10
Use after free in image
2021-08-25 20:44:43
cvelist
cvelist
CVE-2019-16138
2019-09-09 11:49:30
rustsec
rustsec
Flaw in interface may drop uninitialized instance of arbitrary types
2019-08-21 12:00:00
debiancve
debiancve
CVE-2019-16138
2019-09-09 12:15:10
ubuntucve
ubuntucve
CVE-2019-16138
2019-09-09 00:00:00
nvd
nvd
CVE-2019-16138
2019-09-09 12:15:10
prion
prion
Format string
2019-09-09 12:15:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.8%

JSON
Related for GHSA-M2PF-HPRP-3VQM
cve1osv3cvelist1rustsec1debiancve1ubuntucve1nvd1prion1