fix: update ruzstd 0.7.2 to 0.7.3
# `ruzstd` 0.7.2 out-of-bounds memory access

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal `RingBuffer`, leading to uninitialized or out-of-bounds reads in `copy_bytes_overshooting` of up to 15 bytes.

This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.
dependabot[bot] authored Dec 3, 2024
1 parent 353e560 commit 300a5df
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -13,6 +13,7 @@ log = { version = "*", features = [
"max_level_debug",
"release_max_level_warn",
] }
ruzstd = { version = "^0.7.3" }

[profile.dev]
opt-level = 1
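
Review bot: the added `ruzstd = { version = "^0.7.3" }` line carries no comment explaining why it is there. Cargo.toml shows one addition and no deletions, so this appears to introduce `ruzstd` as a new direct entry rather than bump an existing one, and a later reader has no way to tell from the manifest that it is a security floor for the 0.7.2 out-of-bounds read described in the commit message. Suggest a one-line comment above it stating that it exists to keep the resolved version at 0.7.3 or later, and which dependency pulls `ruzstd` in, so the entry can be dropped once that dependency requires a fixed version itself. Style point on the same line: in Cargo a bare `"0.7.3"` already means the caret requirement, so the `^` is redundant. Separately, the neighbouring `log` entry uses `version = "*"`; worth deciding whether a floor is wanted there as well, for consistency with this change.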