Skip to content

Ascii (crate) allows out-of-bounds array indexing in safe code

Moderate severity GitHub Reviewed Published Feb 28, 2023 to the GitHub Advisory Database

Package

cargo ascii (Rust)

Affected versions

>= 0.6.0, < 0.9.3

Patched versions

0.9.3

Description

Affected version of this crate had implementation of From<&mut AsciiStr> for &mut [u8] and &mut str. This can result in out-of-bounds array indexing in safe code.

The flaw was corrected in commit 8a6c779 by removing those impls.

References

Published to the GitHub Advisory Database Feb 28, 2023
Reviewed Feb 28, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-mrrw-grhq-86gf

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.