{"id":"RUSTSEC-2022-0063","summary":"Multiple vulnerabilities resulting in out-of-bounds writes","details":"* The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to **out-of-bound writes** when a heap was initialized with a size smaller than `3 * size_of::\u003cusize\u003e` because of metadata write operations.\n* When calling `Heap::extend` with a size smaller than two `usize`s (e.g., 16 on `x86_64`), the size was erroneously rounded up to the minimum size, which could result in an **out-of-bounds write**.\n* Calling `Heap::extend` on an empty heap tried to construct a heap starting at address 0, which is also an **out-of-bounds write**.\n  * One specific way to trigger this accidentally is to call `Heap::new` (or a similar constructor) with a heap size that is smaller than two `usize`s. This was treated as an empty heap as well.\n* Calling `Heap::extend` on a heap whose size is not a multiple of the size of two `usize`s resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).","aliases":["CVE-2022-36086","GHSA-xg8p-34w2-j49j"],"modified":"2023-11-08T04:10:00.309199Z","published":"2022-09-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/linked_list_allocator"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0063.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xg8p-34w2-j49j"}],"affected":[{"package":{"name":"linked_list_allocator","ecosystem":"crates.io","purl":"pkg:cargo/linked_list_allocator"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.10.2"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0063.json","informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}