CVE-2023-50711 — Out-of-bounds Write in Vmm-sys-util
Severity
9.8 CRITICAL (NVD)
EPSS
0.1%
top 72.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 2
Latest update: Jan 9
Description
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out-of-bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. A mismatch in the lengths might allow out of bounds memo…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 13 packages
Patches
Vulnerability Details (4)
OSV: CVE-2023-50711: vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components (2024-01-02)
OSV: `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access (2024-01-02)
GHSA: `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access (2024-01-02)
OSV: `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access (2024-01-02)