Lucene search
RustsecRUSTSEC-2021-0027HistoryJan 07, 2021 - 12:00 p.m.
Loading a bgzip block can write out of bounds if size overflows.
2021-01-0712:00:00
rustsec.org
8
bgzip block overflow
memory corruption
buffer size
underflow
bam
software
EPSS
0.002
Percentile
60.7%
Affected versions of bam set the length of an internal buffer using
self.compressed.set_len(block_size - HEADER_SIZE - MIN_EXTRA_SIZE) and then
wrote into it. While block_size was constrained to a proper maximum, when it
was too small the subtraction could overflow negatively to a large number past
the capacity of self.compressed.
This can result in memory corruption in the form of writing out of bounds when
loading a bgzip file with a small block_size.
Commit 061eee38d4 fixed this issue by checking for the underflow when setting
the buffer size.
Related
nvd
nvd
CVE-2021-28027
2021-03-05 09:15:13
cve
cve
CVE-2021-28027
2021-03-05 09:15:13
cvelist
cvelist
CVE-2021-28027
2021-03-05 08:40:52
prion
prion
Integer overflow
2021-03-05 09:15:00
osv
osv
Loading a bgzip block can write out of bounds if size overflows.
2021-01-07 12:00:00
Loading a bgzip block can write out of bounds if size overflows.
2022-05-24 17:43:47
github
github
Loading a bgzip block can write out of bounds if size overflows.
2022-05-24 17:43:47