rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add RUSTSEC for nftnl

Browse Source
This commit is contained in:
cuiwenhao123
2025-11-25 15:42:36 +08:00
committed by Dirkjan Ochtman
parent f2c79ffdfa
commit 9a0cd558a6
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
crates/nftnl/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,22 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "nftnl"
date = "2025-10-18"
url = "https://github.com/mullvad/nftnl-rs/issues/76#issue-3528876468"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.8.0"]
```
# Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)
A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with_page_size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.
The flaw was fixed in commit 94a286f by adding an overflow check:
```Rust
batch_page_size
.checked_add(crate::nft_nlmsg_maxsize())
.expect("batch_page_size is too large and would overflow");
```