- Reported
-
- Issued
-
- Package
-
xmas-elf
(crates.io)
- Type
-
Vulnerability
- Categories
-
- References
-
- Patched
-
- Affected Functions
- Version
xmas_elf::hash::HashTable::get_bucket
-
xmas_elf::hash::HashTable::get_chain
-
Description
Affected versions of this crate only validated the index
argument of
HashTable::get_bucket
and HashTable::get_chain
against the input-controlled
bucket_count
and chain_count
fields, but not against the size of the ELF
section. As a result, a malformed ELF file could trigger out-of-bounds reads in
a consumer of the HashTable API by setting these fields to inappropriately large
values that would fall outside the relevant hash table section, and by
introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF
file.
Advisory available under CC0-1.0
license.