RUSTSEC-2021-0068
Soundness issue in iced-x86 versions <= 1.10.3
- Reported
- Issued
- Package: iced-x86 (crates.io)
- Type: Vulnerability
- Keywords: #soundness
- Aliases
- References
- Patched: >1.10.3
- Affected Functions: iced_x86::Decoder::new (Version: <=1.10.3)
Description
Versions of iced-x86 <= 1.10.3 invoke undefined behavior which may cause soundness issues in crates using the iced_x86::Decoder struct. The Decoder::new() function made a call to slice.get_unchecked(slice.length()) to get the end position of the input buffer. The flaw was fixed with safe logic that does not invoke undefined behavior.
More details can be found at https://github.com/icedland/iced/issues/168.
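The pattern described above, as an added example that is not code from iced-x86 or from this advisory: a hypothetical ByteCursor type records the end position of its input with the standard library's slice::as_ptr_range(), and the unsound get_unchecked form appears only in a comment. ByteCursor, its methods and the sample bytes are assumptions made for illustration; the project's actual change is not shown on this page.

```rust
// Added example: ByteCursor is a hypothetical type, not iced-x86's Decoder.
use std::marker::PhantomData;

/// Minimal byte reader that tracks its position as a start/end pointer pair.
pub struct ByteCursor<'a> {
    pos: *const u8,
    end: *const u8,
    _data: PhantomData<&'a [u8]>,
}

impl<'a> ByteCursor<'a> {
    pub fn new(data: &'a [u8]) -> Self {
        // Unsound pattern described in the advisory (do not use):
        //     let end = unsafe { data.get_unchecked(data.len()) } as *const u8;
        // get_unchecked requires index < len; index == len is undefined
        // behavior even though the resulting reference is never read.
        //
        // Sound: as_ptr_range() yields the one-past-the-end pointer without
        // creating a reference to an out-of-bounds element.
        let range = data.as_ptr_range();
        ByteCursor { pos: range.start, end: range.end, _data: PhantomData }
    }

    /// Bytes left before the end position.
    pub fn remaining(&self) -> usize {
        self.end as usize - self.pos as usize
    }

    /// Returns the next byte, or None once the end position is reached.
    pub fn read_u8(&mut self) -> Option<u8> {
        if self.pos == self.end {
            return None;
        }
        // SAFETY: pos < end, so pos points at an initialized byte inside the
        // slice borrowed for 'a; advancing by one stays within one-past-end.
        let b = unsafe { *self.pos };
        self.pos = unsafe { self.pos.add(1) };
        Some(b)
    }
}

fn main() {
    // Constructed sample input: the x86 bytes for `nop; ret`.
    let mut cur = ByteCursor::new(&[0x90, 0xC3]);
    while let Some(b) = cur.read_u8() {
        println!("{:#04x}", b);
    }
}
```

The empty slice is the case to check in review: its start and end positions are equal, so read_u8() returns None without dereferencing anything.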
Advisory available under CC0-1.0 license.