rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
988dc5fe726438c984c46e1f7d1859710105bae8
advisory-db/crates/flatbuffers/RUSTSEC-2021-0122.md
Alexis Mousset 988dc5fe72 Fix some typos (#1593)
2023-02-09 04:11:29 +01:00

1.1 KiB
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0122"
package = "flatbuffers"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
date = "2021-10-31"
url = "https://github.com/google/flatbuffers/issues/6627"

[versions]
patched = [">= 22.9.29"]

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details.

For example, if generated code is used to decode malformed or untrusted input, undefined behavior (and thus security vulnerabilities) is possible even without the use of the unsafe keyword, violating the the meaning of "safe" code;

All users that use generated code by flatbuffers compiler are recommended to:

  1. not expose flatbuffer generated code as part of their public APIs
  2. audit their code and look for any usage of follow, push, or any method that uses them (e.g. self_follow).
  3. Carefully go through the crates' documentation to understand which "safe" APIs are not intended to be used.