Reported

January 11, 2021

Issued

March 29, 2021 (last modified: June 13, 2023)

Package

adtensor (crates.io)

Type

Vulnerability

Categories

• memory-corruption

Keywords

#memory-safety

Aliases

• CVE-2021-29936
• GHSA-rg4m-gww5-7p47

References

• https://github.com/charles-r-earp/adtensor/issues/4

CVSS Score

9.8 CRITICAL

CVSS Details

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

no patched versions

Description

The FromIterator<T> methods for Vector and Matrix rely on the type parameter N to allocate space in the iterable.

If the passed in N type parameter is larger than the number of items returned by the iterator, it can lead to uninitialized memory being left in the Vector or Matrix type which gets dropped.

Advisory available under CC0-1.0 license.