漏洞标题
链表分配器在`Heap`初始化和`Heap::extend`时容易受到溢出写入的影响。
漏洞描述信息
`linked_list_allocator`在`Heap`初始化和`Heap::extend`时容易受到越界写入的攻击
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
漏洞描述信息
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
内存缓冲区边界内操作的限制不恰当
漏洞标题
linked-list-allocator 缓冲区错误漏洞
漏洞描述信息
linked-list-allocator是Rust OSDev开源的一个链表分配器代码库。 linked-list-allocator 0.10.2 之前版本存在缓冲区错误漏洞,该漏洞源于堆初始化方法缺少对给定堆大小参数的最小大小检查,由于元数据写入操作,这可能会导致越界写入。
CVSS信息
N/A
漏洞类别
缓冲区错误