CVE-2021-25900: Buffer overflow in SmallVec::insert_many

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.66903%
Published: 5/24/2022
Updated: 9/18/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
smallvec | rust | >= 0.6.3, < 0.6.14 | 0.6.14
smallvec | rust | >= 1.0.0, < 1.6.1 | 1.6.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability explicitly occurs in SmallVec::insert_many as described in all sources. The commit diff shows critical changes to this function's memory handling logic - specifically replacing a direct iterator loop with a two-phase approach (handling size_hint lower bound first, then inserting excess elements safely). The original implementation's unsafe pointer arithmetic and conditional reallocation when 'num_added >= lower_size_bound' was insufficient to prevent buffer overflow when the iterator exceeded its hinted size. The added test_insert_many_overflow in the patch directly validates this failure scenario.
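The two-phase shape described above, sketched over a plain Vec in safe Rust as an added example; it is not smallvec's code or the patch itself, and the names insert_many_two_phase and OverReporting are hypothetical. It covers both ways a size_hint can disagree with what the iterator yields: more items than the lower bound, and fewer.

```rust
// Added illustration in safe Rust; not smallvec's code. The names
// `insert_many_two_phase` and `OverReporting` are hypothetical.

/// Inserts every item of `iter` at `index`, treating `size_hint` as a hint only.
fn insert_many_two_phase<I>(v: &mut Vec<u32>, index: usize, iter: I) -> usize
where
    I: IntoIterator<Item = u32>,
{
    assert!(index <= v.len(), "index out of bounds");
    let mut iter = iter.into_iter();
    let (lower_bound, _) = iter.size_hint();

    // Phase 1: bulk-insert at most `lower_bound` items. `take` stops early if
    // the iterator yields fewer than it hinted, so no gap is left behind.
    let head: Vec<u32> = iter.by_ref().take(lower_bound).collect();
    let mut num_added = head.len();
    v.splice(index..index, head);

    // Phase 2: anything beyond the hint goes through the growing,
    // bounds-checked `insert`, one element at a time.
    for item in iter {
        v.insert(index + num_added, item);
        num_added += 1;
    }
    num_added
}

/// Constructed iterator that hints far more items than it yields.
struct OverReporting(std::ops::Range<u32>);

impl Iterator for OverReporting {
    type Item = u32;
    fn next(&mut self) -> Option<u32> { self.0.next() }
    fn size_hint(&self) -> (usize, Option<usize>) { (100, None) }
}

fn main() {
    // `filter` legitimately reports a lower bound of 0 yet yields 3 items here.
    let mut v = vec![1, 2, 3];
    let n = insert_many_two_phase(&mut v, 1, (10u32..16).filter(|x| x % 2 == 0));
    println!("{} inserted: {:?}", n, v);

    let mut w = vec![1, 2, 3];
    let n = insert_many_two_phase(&mut w, 3, OverReporting(7..9));
    println!("{} inserted: {:?}", n, w);
}
```

A lower bound is only a minimum, so an iterator that yields more than it hints is valid input; any code that sizes a buffer from the hint has to bounds-check everything past it.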

WAF Protection Rules

WAF Rule

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator
