CVE-2021-45697: The `total_size` function for partially reading the length of any `FixVec` is incorrect in molecule.
Anyone who uses the `total_size(..)` function to partially read the length of any `FixVec` will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.
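As an added illustration (not molecule's own code), the check below computes the byte size a `FixVec` occupies from a partial read of its header, assuming the layout the molecule encoding spec describes: a 4-byte little-endian item count followed by `count` items of a fixed size. The function names and the sample buffer are constructed for this example; it shows the value a consumer of `total_size` should expect, and rejects buffers whose declared count overflows or exceeds what was actually read.

```rust
// Added example, not molecule's code. Assumed FixVec layout (molecule spec):
// header = u32 little-endian item count, body = count * item_size bytes.
use std::convert::TryInto;

const HEADER_SIZE: usize = 4;

/// Partially read only the item count from the first 4 bytes of a FixVec.
pub fn fixvec_item_count(bytes: &[u8]) -> Option<u32> {
    let header: [u8; HEADER_SIZE] = bytes.get(..HEADER_SIZE)?.try_into().ok()?;
    Some(u32::from_le_bytes(header))
}

/// Total size = header + count * item_size, with checked arithmetic so a
/// hostile or corrupted count cannot wrap around to a small value.
pub fn fixvec_total_size(bytes: &[u8], item_size: usize) -> Option<usize> {
    let count = fixvec_item_count(bytes)? as usize;
    count.checked_mul(item_size)?.checked_add(HEADER_SIZE)
}

/// True only when the buffer holds the complete FixVec its header declares.
pub fn fixvec_is_complete(bytes: &[u8], item_size: usize) -> bool {
    match fixvec_total_size(bytes, item_size) {
        Some(total) => bytes.len() >= total,
        None => false,
    }
}

fn main() {
    // Constructed sample: a FixVec of three u16 items (count = 3, item_size = 2).
    let mut sample = 3u32.to_le_bytes().to_vec();
    sample.extend_from_slice(&[1, 0, 2, 0, 3, 0]);
    println!("count = {:?}", fixvec_item_count(&sample)); // Some(3)
    println!("total_size = {:?}", fixvec_total_size(&sample, 2)); // Some(10)
    println!("truncated complete = {}", fixvec_is_complete(&sample[..6], 2)); // false
}
```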
References
- github.com/advisories/GHSA-6p3c-v8vc-c244
- github.com/nervosnetwork/molecule
- github.com/nervosnetwork/molecule/pull/49
- github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9
- nvd.nist.gov/vuln/detail/CVE-2021-45697
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/molecule/RUSTSEC-2021-0103.md
- rustsec.org/advisories/RUSTSEC-2021-0103.html