GHSA-9cc5-2pq7-hfj8: xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API.

March 26, 2025 (updated October 31, 2025)

Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API by setting these fields to inappropriately large values that would fall outside the relevant hash table section, and by introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF file.

References

github.com/advisories/GHSA-9cc5-2pq7-hfj8
github.com/nrc/xmas-elf
github.com/nrc/xmas-elf/commit/57685c35512a57269086314a42a70441af4ef451
github.com/nrc/xmas-elf/issues/86
rustsec.org/advisories/RUSTSEC-2025-0018.html

Code Behaviors & Features

Detect and mitigate GHSA-9cc5-2pq7-hfj8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →