RUSTSEC-2021-0068

Soundness issue in iced-x86 versions <= 1.10.3

Reported
Issued
Package
iced-x86 (crates.io)
Type
Vulnerability
Keywords
#soundness
Aliases
References
Patched
  • >1.10.3
Affected Functions (Version)
  • iced_x86::Decoder::new: <=1.10.3

Description

Versions of iced-x86 <= 1.10.3 invoke undefined behavior, which may cause soundness issues in crates using the iced_x86::Decoder struct. The Decoder::new() function called slice.get_unchecked(slice.len()) to get the end position of the input buffer. An index equal to the slice length is out of bounds, and calling get_unchecked with an out-of-bounds index is undefined behavior even if the resulting reference is never read. The flaw was fixed with safe logic that does not invoke undefined behavior.

More details can be found at https://github.com/icedland/iced/issues/168.
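
The flagged pattern beside a sound way to obtain the end position of a buffer, as an added example that is not code from iced-x86 or from this advisory. The names end_ptr_unsound, end_ptr_sound and ByteReader are hypothetical, and the sound version is one option, not necessarily the fix the project applied.

```rust
// Added illustration: names here are hypothetical, not iced-x86 APIs.

/// The pattern described in the advisory. `data.len()` is one past the last
/// valid index, so `get_unchecked` is handed an out-of-bounds index, which is
/// undefined behavior even though the reference is only cast to a pointer.
/// Shown for comparison only and never called.
#[allow(dead_code)]
fn end_ptr_unsound(data: &[u8]) -> *const u8 {
    unsafe { data.get_unchecked(data.len()) as *const u8 }
}

/// Sound: the one-past-the-end pointer is computed without ever forming a
/// reference to an element that does not exist.
fn end_ptr_sound(data: &[u8]) -> *const u8 {
    data.as_ptr_range().end
}

/// Assumed minimal reader: positions are indices and every read is checked.
struct ByteReader<'a> {
    data: &'a [u8],
    pos: usize,
}

impl<'a> ByteReader<'a> {
    fn new(data: &'a [u8]) -> Self {
        ByteReader { data, pos: 0 }
    }

    /// Returns the next byte, or None at end of input (no UB, no panic).
    fn read_u8(&mut self) -> Option<u8> {
        let b = *self.data.get(self.pos)?;
        self.pos += 1;
        Some(b)
    }
}

fn main() {
    let code = [0x90u8, 0xC3]; // constructed sample input: nop; ret
    let len = end_ptr_sound(&code) as usize - code.as_ptr() as usize;
    let mut r = ByteReader::new(&code);
    println!("{} {:?} {:?} {:?}", len, r.read_u8(), r.read_u8(), r.read_u8());
}
```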

Advisory available under CC0-1.0 license.