CVE-2021-38188: Incorrect buffer size calculation in iced-x86

August 25, 2021

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.

References

github.com/advisories/GHSA-jjx5-3f36-6927
github.com/icedland/iced
github.com/icedland/iced/commit/3c607a003e03b773108401d109167d1840487dce
github.com/icedland/iced/issues/168
nvd.nist.gov/vuln/detail/CVE-2021-38188
rustsec.org/advisories/RUSTSEC-2021-0068.html

Detect and mitigate CVE-2021-38188 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →