CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
54.5%
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize>
because of metadata write operations. This vulnerability impacts all the initialization functions on the Heap
and LockedHeap
types, including Heap::new
, Heap::init
, Heap::init_from_slice
, and LockedHeap::new
. It also affects multiple uses of the Heap::extend
method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than 3 * size_of::<usize>
and that the Heap::extend
method is only called with sizes larger than 2 * size_of::<usize>()
. Also, ensure that the total heap size is (and stays) a multiple of 2 * size_of::<usize>()
.
Vendor | Product | Version | CPE |
---|---|---|---|
rust-osdev | linked-list-allocator | * | cpe:2.3:a:rust-osdev:linked-list-allocator:*:*:*:*:*:rust:*:* |
[
{
"product": "linked-list-allocator",
"vendor": "rust-osdev",
"versions": [
{
"status": "affected",
"version": "< 0.10.2"
}
]
}
]