Add ruzstd uninit/out-of-bounds memory reads advisory (#2147)

* Add ruzstd uninit/out-of-bounds reads advisory * Update description with impact analysis from the maintainer * fix typo Co-authored-by: Paolo Barbolini <[email protected]> --------- Co-authored-by: Sergey "Shnatsel" Davidoff <[email protected]>
rustsec · Nov 28, 2024 · c91b809 · c91b809
1 parent 4676c55
commit c91b809
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/crates/ruzstd/RUSTSEC-0000-0000.md b/crates/ruzstd/RUSTSEC-0000-0000.md
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ruzstd"
+date = "2024-11-28"
+url = "https://github.com/KillingSpark/zstd-rs/issues/75"
+categories = ["memory-exposure"]
+references = ["https://github.com/KillingSpark/zstd-rs/pull/76"]
+
+[versions]
+patched = [">= 0.7.3"]
+unaffected = ["< 0.7.0"]
+```
+
+# `ruzstd` uninit and out-of-bounds memory reads
+
+Affected versions of `ruzstd` miscalculate the length of the allocated
+and init section of its internal `RingBuffer`, leading to uninitialized
+or out-of-bounds reads in `copy_bytes_overshooting` of up to 15 bytes.
+
+This may result in up to 15 bytes of memory contents being written
+into the decoded data when decompressing a crafted archive.
+This may occur multiple times per archive.