RUSTSEC-2017-0004

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Reported

May 3, 2017

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

base64 (crates.io)

Type

Vulnerability

Keywords

#memory-corruption

Aliases

References

https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319

CVSS Score

9.8 CRITICAL

CVSS Details

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

>=0.5.2

Description

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this function writes to the buffer using unsafe code, it would allow an attacker to write beyond the buffer, causing memory corruption and possibly the execution of arbitrary code.

This flaw was corrected by using checked arithmetic to calculate the size of the buffer.

Advisory available under CC0-1.0 license.