CVE-2022-36086: linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
What kind of vulnerability is it? Who is impacted?
This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method.
References
- github.com/advisories/GHSA-xg8p-34w2-j49j
- github.com/rust-osdev/linked-list-allocator
- github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf
- github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j
- nvd.nist.gov/vuln/detail/CVE-2022-36086
- rustsec.org/advisories/RUSTSEC-2022-0063.html