{"id":"RUSTSEC-2024-0377","summary":"Heap Buffer overflow using c_chars_to_str function","details":"The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.\n\nIf the chars array does not contain a null byte (\\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.","aliases":["GHSA-pfr9-2p92-qrhq"],"modified":"2025-10-28T06:29:25.627925Z","published":"2024-10-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/dbn"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0377.html"},{"type":"REPORT","url":"https://github.com/databento/dbn/issues/67"}],"affected":[{"package":{"name":"dbn","ecosystem":"crates.io","purl":"pkg:cargo/dbn"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.22.1-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0377.json","categories":["memory-corruption"]}}],"schema_version":"1.7.3"}