Impact
An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmm_sys_util::fam::FamStructWrapper, which can lead to out of bounds memory accesses.
Patches
The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.
Workarounds
-
References
Impact
An issue was discovered in the
Versionize::deserializeimplementation provided by theversionizecrate forvmm_sys_util::fam::FamStructWrapper, which can lead to out of bounds memory accesses.Patches
The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.
Workarounds
-
References