CVE-2021-38190Improper Restriction of Operations within the Bounds of a Memory Buffer in Nalgebra

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 41.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dimforge NalgebraMsrc Azl3 Librsvg2 2.50.3-4 ON Azure Linux 3.0Msrc Azl3 Librsvg2 2.58.1-1 ON Azure Linux 3.0+2 more
Timeline
PublishedAug 8
Latest updateAug 25

Description

An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDdimforge/nalgebra< 0.27.1
crates.iodimforge/nalgebra0.11.00.27.1

Patches

Patch: rustsec.orgPatch: rustsec.org

🔴Vulnerability Details

3
GHSA
Out of bounds write in nalgebra2021-08-25
OSV
Out of bounds write in nalgebra2021-08-25
OSV
VecStorage Deserialize Allows Violation of Length Invariant2021-06-06

📋Vendor Advisories

1
Microsoft
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row co2021-08-10
CVE-2021-38190 — Dimforge Nalgebra vulnerability | cvebase