Transpose Crate Buffer Overflow Vulnerability in Rust
Vulnerability
A buffer overflow vulnerability has been identified in the Transpose crate for Rust, affecting versions from 0.1.0 up to, but not including, 0.2.3. The issue arises in the `transpose::transpose` function, where the safety check on the product of `input_width` and `input_height` can be bypassed through integer overflow. When the multiplication overflows, memory can be written past the end of the output buffer, leading to potential memory corruption. The vulnerability exists only in release mode, because debug mode prevents such overflows from occurring.
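The bypass described above, as an added example that is not code from the Transpose crate: the function names are hypothetical, the dimensions are constructed, and `wrapping_mul` stands in for what plain multiplication does in a release build. It contrasts a length check that wraps with one that uses `checked_mul`.

```rust
// Added illustration: function names are hypothetical, not the transpose crate's API.

/// Size check as it behaves in a release build: `wrapping_mul` reproduces the
/// silent wrap-around that plain `*` performs when overflow checks are off.
fn check_wrapping(input_len: usize, output_len: usize, width: usize, height: usize) -> bool {
    let expected = width.wrapping_mul(height);
    input_len == expected && output_len == expected
}

/// Hardened check: `checked_mul` yields `None` on overflow, so dimensions whose
/// product does not fit in `usize` are rejected instead of wrapping.
fn check_checked(input_len: usize, output_len: usize, width: usize, height: usize) -> bool {
    match width.checked_mul(height) {
        Some(expected) => input_len == expected && output_len == expected,
        None => false,
    }
}

/// True element count the dimensions describe, computed in u128 so it cannot wrap.
fn true_len(width: usize, height: usize) -> u128 {
    width as u128 * height as u128
}

/// Constructed dimensions whose product wraps to 4 on both 32- and 64-bit targets.
fn overflowing_dims() -> (usize, usize) {
    (usize::MAX / 2 + 3, 2)
}

fn main() {
    let (width, height) = overflowing_dims();
    let (input, output) = ([0u8; 4], [0u8; 4]); // constructed 4-element buffers
    println!("wrapped product: {}", width.wrapping_mul(height));
    println!("true element count: {}", true_len(width, height));
    println!("wrapping check passes: {}", check_wrapping(input.len(), output.len(), width, height));
    println!("checked check passes: {}", check_checked(input.len(), output.len(), width, height));
    // Ordinary dimensions are still accepted by the hardened check.
    println!("2x2 accepted: {}", check_checked(4, 4, 2, 2));
}
```

The wrapping check accepts 4-element buffers for dimensions that describe far more than 4 elements, which is the mismatch that lets later writes land outside the output buffer.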
Impact
Exploitation of this vulnerability causes a buffer overflow, which can lead to a segmentation fault and memory corruption.
Reproduction
To reproduce this vulnerability, use Transpose crate version 0.2.2. Create a 1D input array and pass it to the `transpose` function along with `input_width` and `input_height` values that cause the multiplication to overflow. In release mode, this results in a segmentation fault, because integer overflow checking is disabled in that mode.
Remediation
Users can update to Transpose crate version 0.2.3 or later, where this vulnerability has been patched.
