mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
[advisory]
id = "RUSTSEC-0000-0000"
package = "nftnl"
date = "2025-10-18"
url = "https://github.com/mullvad/nftnl-rs/issues/76#issue-3528876468"
categories = ["memory-corruption"]
[versions]
patched = [">= 0.8.0"]
Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)
A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with_page_size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.
The flaw was fixed in commit 94a286f by adding an overflow check:
    batch_page_size
        .checked_add(crate::nft_nlmsg_maxsize())
        .expect("batch_page_size is too large and would overflow");
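The effect of that check, as an added example that is not code from nftnl-rs or libnftnl: it contrasts the wrapping sum an unchecked unsigned addition produces with the checked form, and returns an error where the fix panics through `expect`. Assumptions: sizes are `u32`, `MAX_MSG_SIZE` is a constructed stand-in for `crate::nft_nlmsg_maxsize()`, and the function and type names are hypothetical.

```rust
// Added illustration; not code from nftnl-rs or libnftnl.
// Assumption: sizes are u32. MAX_MSG_SIZE is a constructed stand-in
// for the value returned by crate::nft_nlmsg_maxsize().
const MAX_MSG_SIZE: u32 = 8192;

#[derive(Debug, PartialEq)]
enum PageSizeError {
    /// page_size + max_msg does not fit in a u32.
    Overflow { page_size: u32, max_msg: u32 },
}

/// What an unchecked unsigned addition yields: the sum modulo 2^32.
/// When it wraps, the result is smaller than page_size itself.
fn unchecked_alloc_size(page_size: u32, max_msg: u32) -> u32 {
    page_size.wrapping_add(max_msg)
}

/// The same sum with overflow surfaced as an error, so a caller can
/// reject an untrusted page size before constructing a batch.
fn checked_alloc_size(page_size: u32, max_msg: u32) -> Result<u32, PageSizeError> {
    page_size
        .checked_add(max_msg)
        .ok_or(PageSizeError::Overflow { page_size, max_msg })
}

fn main() {
    // Constructed inputs: an ordinary size, the largest size that still
    // fits, the first size that wraps, and the maximum u32.
    let boundary = u32::MAX - MAX_MSG_SIZE;
    for page_size in [4096, boundary, boundary + 1, u32::MAX] {
        let wrapped = unchecked_alloc_size(page_size, MAX_MSG_SIZE);
        println!(
            "page_size={page_size:>10} wrapping_sum={wrapped:>10} \
             smaller_than_page={} checked={:?}",
            wrapped < page_size,
            checked_alloc_size(page_size, MAX_MSG_SIZE)
        );
    }
}
```

Crates that cannot yet move to the patched release can apply the same `checked_add` test to a page size before passing it to `Batch::with_page_size`.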