Reported

March 27, 2025

Issued

May 6, 2025

Package

redox_uefi_std (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

Keywords

#out-of-bounds-read

References

• https://gitlab.redox-os.org/redox-os/uefi/-/commit/b711d47e815665b0ec8949e39292ad8e3fdd0756

Patched

• >=0.1.14

Unaffected

• <0.1.8

Affected Functions

Version

redox_uefi_std::ffi::nstr

• >=0.1.8, <0.1.14

Description

ffi::nstr() should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow.

Advisory available under CC0-1.0 license.