GHSA-g23h-7vf9-xc25: Mimalloc Can Allocate Memory with Bad Alignment

November 12, 2024

This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator’s logic changed, making it break this promise. This caused this crate to return memory with an incorrect alignment for some allocations, particularly those with large alignments. The flaw was fixed by always using the aligned allocation functions.

References

github.com/advisories/GHSA-g23h-7vf9-xc25
github.com/purpleprotocol/mimalloc_rust
github.com/purpleprotocol/mimalloc_rust/issues/87
rustsec.org/advisories/RUSTSEC-2022-0094.html

Detect and mitigate GHSA-g23h-7vf9-xc25 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →