9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-25900

GHSA ID

GHSA-43w2-9j62-hq99

EPSS Score

0.66903%

CWE

CWE-787

Published

5/24/2022

Updated

9/18/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-25900

CVE-2021-25900: Buffer overflow in SmallVec::insert_many

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-25900

GHSA ID

GHSA-43w2-9j62-hq99

EPSS Score

0.66903%

CWE

CWE-787

Published

5/24/2022

Updated

9/18/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
smallvec	rust	>= 0.6.3, < 0.6.14	0.6.14
smallvec	rust	>= 1.0.0, < 1.6.1	1.6.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly occurs in SmallVec::insert_many as described in all sources. The commit diff shows critical changes to this function's memory handling logic - specifically replacing a direct iterator loop with a two-phase approach (handling size_hint lower bound first, then inserting excess elements safely). The original implementation's unsafe pointer arithmetic and conditional reallocation when 'num_added >= lower_size_bound' was insufficient to prevent buffer overflow when the iterator exceeded its hinted size. The added test_insert_many_overflow in the patch directly validates this failure scenario.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *u* in t** Sm*llV**::ins*rt_m*ny m*t*o* **us** it to *llo**t* * *u***r t**t w*s sm*ll*r t**n n*****. It t**n wrot* p*st t** *n* o* t** *u***r, **usin* * *u***r ov*r*low *n* m*mory *orruption on t** ***p. T*is *u* w*s only tri***r** i* t** it*r*tor

Reasoning

T** vuln*r**ility *xpli*itly o**urs in Sm*llV**::ins*rt_m*ny *s **s*ri*** in *ll sour**s. T** *ommit *i** s*ows *riti**l ***n**s to t*is *un*tion's m*mory **n*lin* lo*i* - sp**i*i**lly r*pl**in* * *ir**t it*r*tor loop wit* * two-p**s* *ppro*** (**n*l

9.8

Basic Information

Concerned about an active attack path?

CVE-2021-25900: Buffer overflow in SmallVec::insert_many

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI