GHSA-V935-PQMR-G8V9
Vulnerability from github – Published: 2021-11-03 17:36 – Updated: 2021-11-03 15:02
VLAI?
Summary
Unexpected panics in num-bigint
Details
Impact
Two scenarios were reported where BigInt and BigUint multiplication may unexpectedly panic.
- The internal
mac3function did not expect the possibility of non-empty all-zero inputs, leading to anunwrap()panic. - A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic.
Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability.
Patches
Both problems were introduced in version 0.4.1, and are fixed in version 0.4.3.
For more information
If you have any questions or comments about this advisory, please open an issue in the num-bigint repo.
Acknowledgements
Thanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author.
References
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "num-bigint"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.1"
},
{
"fixed": "0.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-131",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-03T15:02:32Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nTwo scenarios were reported where `BigInt` and `BigUint` multiplication may unexpectedly panic.\n\n- The internal `mac3` function did not expect the possibility of non-empty all-zero inputs, leading to an `unwrap()` panic.\n- A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic.\n\nRust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability.\n\n### Patches\nBoth problems were introduced in version 0.4.1, and are fixed in version 0.4.3.\n\n### For more information\nIf you have any questions or comments about this advisory, please open an issue in the [num-bigint](https://github.com/rust-num/num-bigint) repo.\n\n### Acknowledgements\nThanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author.\n\n### References\n* [GHSA-v935-pqmr-g8v9](https://github.com/rust-num/num-bigint/security/advisories/GHSA-v935-pqmr-g8v9)\n* [num-bigint#228](https://github.com/rust-num/num-bigint/pull/228)\n",
"id": "GHSA-v935-pqmr-g8v9",
"modified": "2021-11-03T15:02:32Z",
"published": "2021-11-03T17:36:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-num/num-bigint/security/advisories/GHSA-v935-pqmr-g8v9"
},
{
"type": "WEB",
"url": "https://github.com/rust-num/num-bigint/pull/228"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-num/num-bigint"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Unexpected panics in num-bigint"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…