{"id":"RUSTSEC-2022-0010","summary":"enum_map macro can cause UB when `Enum` trait is incorrectly implemented","details":"Affected versions of this crate did not properly check the length of an enum when using `enum_map!` macro, trusting user-provided length.\n\nWhen the `LENGTH` in the `Enum` trait does not match the array length in the `EnumArray` trait, this can result in the initialization of the enum map with uninitialized types, which in turn can allow an attacker to execute arbitrary code.\n\nThis problem can only occur with a manual implementation of the Enum trait, it will never occur for enums that use `#[derive(Enum)]`.\n\nExample code that triggers this vulnerability looks like this:\n\n```rust\nenum E {\n    A,\n    B,\n    C,\n}\n\nimpl Enum for E {\n    const LENGTH: usize = 2;\n\n    fn from_usize(value: usize) -\u003e E {\n        match value {\n            0 =\u003e E::A,\n            1 =\u003e E::B,\n            2 =\u003e E::C,\n            _ =\u003e unimplemented!(),\n        }\n    }\n\n    fn into_usize(self) -\u003e usize {\n        self as usize\n    }\n}\n\nimpl\u003cV\u003e EnumArray\u003cV\u003e for E {\n    type Array = [V; 3];\n}\n\nlet _map: EnumMap\u003cE, String\u003e = enum_map! { _ =\u003e \"Hello, world!\".into() };\n```\n\nThe flaw was corrected in commit [b824e23](https://gitlab.com/KonradBorowski/enum-map/-/commit/b824e232f2fb47837740070096ac253df8e80dfc) by putting `LENGTH` property on sealed trait for macro to read.","aliases":["GHSA-rxhx-9fj6-6h2m"],"modified":"2023-11-08T04:22:58.719670Z","published":"2022-02-17T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/enum-map"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0010.html"},{"type":"WEB","url":"https://gitlab.com/KonradBorowski/enum-map/-/blob/master/CHANGELOG.md#version-202"}],"affected":[{"package":{"name":"enum-map","ecosystem":"crates.io","purl":"pkg:cargo/enum-map"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0-2"},{"fixed":"2.0.2"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":[],"os":[]},"affected_functions":null},"database_specific":{"informational":"unsound","cvss":null,"categories":["code-execution","memory-corruption","memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0010.json"}}],"schema_version":"1.7.3"}