linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Description
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of:: because of metadata write operations. This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than 3 * size_of:: and that the Heap::extend method is only called with sizes larger than 2 * size_of::(). Also, ensure that the total heap size is (and stays) a multiple of 2 * size_of::().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
linked_list_allocatorcrates.io | < 0.10.2 | 0.10.2 |
Affected products
3- ghsa-coords2 versionspkg:cargo/linked_list_allocatorpkg:rpm/opensuse/cargo-audit-advisory-db&distro=openSUSE%20Tumbleweed
< 0.10.2+ 1 more
- (no CPE)range: < 0.10.2
- (no CPE)range: < 20221102-1.1
- Range: < 0.10.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-xg8p-34w2-j49jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36086ghsaADVISORY
- github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbfghsax_refsource_MISCWEB
- github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49jghsax_refsource_CONFIRMWEB
- rustsec.org/advisories/RUSTSEC-2022-0063.htmlghsaWEB
News mentions
0No linked articles in our index yet.