{"id":"RUSTSEC-2024-0002","summary":"`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access","details":"## Impact\n\nAn issue was discovered in the `FamStructWrapper::deserialize` implementation\nprovided by the crate for `vmm_sys_util::fam::FamStructWrapper`, which can lead\nto out of bounds memory accesses. The deserialization does not check that the\nlength stored in the header matches the flexible array length. Mismatch in the\nlengths might allow out of bounds memory access through Rust-safe methods.\n\nImpacted versions: \u003e= 0.5.0\n\n## Patches\n\nThe issue was corrected in version 0.12.0 by inserting a check that verifies\nthe lengths of compared flexible arrays are equal for any deserialized header\nand aborting deserialization otherwise. Moreover, the API was changed so that\nheader length can only be modified through Rust-unsafe code. This ensures that\nusers cannot trigger out-of-bounds memory access from Rust-safe code.","aliases":["CVE-2023-50711","GHSA-875g-mfp6-g7f9"],"modified":"2024-01-14T03:56:30.892964Z","published":"2024-01-02T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/vmm-sys-util"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0002.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-875g-mfp6-g7f9"}],"affected":[{"package":{"name":"vmm-sys-util","ecosystem":"crates.io","purl":"pkg:cargo/vmm-sys-util"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.5.0"},{"fixed":"0.12.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":["vmm_sys_util::fam::FamStructWrapper::deserialize"]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L","categories":["memory-corruption"],"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0002.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"}]}