GHSA-x3f4-45xf-rjm7: `ruzstd` uninit and out-of-bounds memory reads

December 2, 2024

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copy_bytes_overshooting of up to 15 bytes.

This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.

References

github.com/KillingSpark/zstd-rs
github.com/KillingSpark/zstd-rs/issues/75
github.com/KillingSpark/zstd-rs/pull/76
github.com/advisories/GHSA-x3f4-45xf-rjm7
rustsec.org/advisories/RUSTSEC-2024-0400.html

Detect and mitigate GHSA-x3f4-45xf-rjm7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →