Bug #18824

closed

Security advisories for relayd dependencies

Added by Alexis Mousset about 3 years ago. Updated about 3 years ago.

Status: Released
Priority: N/A
Assignee: Gaëtan POBLON
Category: Relay server or API
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression:

Description

07:42:46 cargo deny check
07:42:47 error[A001]: Buffer overflow in SmallVec::insert_many
07:42:47     ┌─ /home/jenkins/workspace/rudder-relayd-6.1/relay/sources/relayd/Cargo.lock:186:1
07:42:47     │
07:42:47 186 │ smallvec 0.6.13 registry+https://github.com/rust-lang/crates.io-index
07:42:47     │ --------------------------------------------------------------------- security vulnerability detected
07:42:47     │
07:42:47     = ID: RUSTSEC-2021-0003
07:42:47     = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0003
07:42:47     = A bug in the `SmallVec::insert_many` method caused it to allocate a buffer that was smaller than needed.  It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.
07:42:47       
07:42:47       This bug was only triggered if the iterator passed to `insert_many` yielded more items than the lower bound returned from its `size_hint` method.
07:42:47        
07:42:47       The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted.  The fix also simplified the implementation of `insert_many` to use less unsafe code, so it is easier to verify its correctness.
07:42:47       
07:42:47       Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.
07:42:47     = Announcement: https://github.com/servo/rust-smallvec/issues/252
07:42:47     = Solution: Upgrade to >=0.6.14, <1.0.0 OR >=1.6.1
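The advisory above turns on one detail: an iterator's `size_hint` lower bound is a hint, not a promise, and sizing a buffer from it is what let `insert_many` write past its allocation. The following is an added illustration, not code from Rudder or smallvec: a deliberately pessimistic iterator (`LyingHint`, a constructed name) whose lower bound is 0, a safe `insert_many` that reserves per item as the fix does, and a small check that measures how far an iterator exceeds its advertised lower bound.

```rust
// Added example (not from rudder or smallvec): a lying iterator plus an
// insert_many that never trusts size_hint().0 for buffer sizing.

/// Wraps any iterator and reports a useless lower bound of 0.
/// This is legal under the Iterator contract, which is exactly why
/// allocation must not depend on it.
pub struct LyingHint<I: Iterator> { pub inner: I }

impl<I: Iterator> Iterator for LyingHint<I> {
    type Item = I::Item;
    fn next(&mut self) -> Option<I::Item> { self.inner.next() }
    fn size_hint(&self) -> (usize, Option<usize>) { (0, None) }
}

/// Insert every item of `iter` at `index`, shifting the tail right.
/// Space is reserved as items arrive (each `push` grows the Vec on demand),
/// so the result is correct whatever `size_hint` reports. This is the
/// property the smallvec 0.6.14 / 1.6.1 fix restored; `Vec::splice` is the
/// standard-library equivalent of this routine.
pub fn insert_many<T, I>(v: &mut Vec<T>, index: usize, iter: I)
where
    I: IntoIterator<Item = T>,
{
    assert!(index <= v.len(), "index out of bounds");
    let iter = iter.into_iter();
    let (lower, _) = iter.size_hint();
    v.reserve(lower); // optimisation only, never relied upon for correctness
    // Move the tail out, append the new items, then put the tail back.
    let tail: Vec<T> = v.drain(index..).collect();
    for item in iter {
        v.push(item);
    }
    v.extend(tail);
}

/// How many items an iterator yields beyond its advertised lower bound.
/// A nonzero result is the condition that triggered RUSTSEC-2021-0003 in
/// smallvec < 0.6.14 and < 1.6.1.
pub fn items_beyond_lower_bound<I: Iterator>(iter: I) -> usize {
    let lower = iter.size_hint().0;
    iter.count().saturating_sub(lower)
}

/// Constructed input: insert 3, 4, 5 between 2 and 6 via the lying iterator.
pub fn demo() -> (Vec<u32>, usize) {
    let mut v = vec![1, 2, 6];
    insert_many(&mut v, 2, LyingHint { inner: vec![3, 4, 5].into_iter() });
    let beyond = items_beyond_lower_bound(LyingHint { inner: 0..3 });
    (v, beyond)
}
```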
Actions #1

Updated by Alexis Mousset about 3 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #2

Updated by Alexis Mousset about 3 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Gaëtan POBLON
  • Pull Request set to https://github.com/Normation/rudder/pull/3466
Actions #3

Updated by Alexis Mousset about 3 years ago

  • Description updated (diff)
Actions #4

Updated by Alexis Mousset about 3 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Alexis Mousset about 3 years ago

  • Fix check changed from To do to Checked
Actions #6

Updated by Vincent MEMBRÉ about 3 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.1.8 and 6.2.1 which were released today.
