Skip to content

partial_sort contains Out-of-bounds Read in release mode

Moderate severity GitHub Reviewed Published Feb 28, 2023 to the GitHub Advisory Database • Updated Feb 28, 2023

Package

cargo partial_sort (Rust)

Affected versions

< 0.2.0

Patched versions

0.2.0

Description

Affected versions of this crate were using a debug assertion to validate the last parameter of partial_sort(). This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions.

All writes are bounds-checked, so the out-of-bounds memory access is read-only. This also means that the first attempted out-of-bounds write will panic, limiting the possible reads.

The accessible region is further limited by an initial bounds-checked read at (last / 2) - 1, i.e., it is proportional to the size of the vector.

This bug has been fixed in v0.2.0.

References

Published to the GitHub Advisory Database Feb 28, 2023
Reviewed Feb 28, 2023
Last updated Feb 28, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-5x36-7567-3cw6

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.