9527 matches found
CVE-2024-21629
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
Design/Logic Flaw
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
CVE-2024-21629 Erroneous handling of `record_external_operation` error return
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
CVE-2024-21629 Erroneous handling of `record_external_operation` error return
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
CVE-2024-21629
Rust EVM contains a vulnerability in the record_external_operation feature of rust-evm. During finalization of CREATE/CREATE2, if substack execution succeeds, the substate is committed before calling record_external_operation(Write(out_code.len())). If record_external_operation later fails, the e...
CVE-2024-21629 Erroneous handling of `record_external_operation` error return
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
Deserialization of untrusted data
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
UBUNTU-CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
CVE-2023-50711
CVE-2023-50711 affects the vmm-sys-util crate (FamStructWrapper::deserialize) used by Rust-VMM components. The issue is a mismatch between the header-stored length and the flexible-array length during deserialization, enabling potential out-of-bounds memory access through Rust-safe code. It was f...
CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
GHSA-875G-MFP6-G7F9 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
RUSTSEC-2024-0002 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...
PT-2024-18980 · Rust-Evm · Rust-Evm
Name of the Vulnerable Software and Affected Versions: rust-evm versions prior to 0.41.1 Description: The issue is related to the record external operation feature in rust-evm, which allows library users to record custom gas changes. This feature can have bogus interactions with the call stack,...
Rust EVM Security Vulnerability
Rust EVM is an Ethernet virtual machine interpreter. A security vulnerability exists in Rust EVM 0.41.0 and earlier versions, which stems from the recordexternaloperation function falsely interacting with the stack, resulting in the presence of incorrect return values...