CVE-2021-29929: Double free in endian_trait

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.59217%
Published: 8/25/2021
Updated: 1/9/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| endian_trait | rust | <= 0.6.0 | |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the slice trait implementations, which use ptr::read to create a second owner of each value while performing endian conversions. All four methods (from_be, from_le, to_be, to_le) in the Endian impl for mutable slices contain unsafe blocks that:

1. Read the value with ptr::read (creating a new owned value)
2. Perform the user-provided conversion (which might panic)
3. Write the result back with ptr::write

If the user's Endian impl panics between steps 1-3, both the original slice element and the ptr::read-created value will be dropped, causing a double free. The GitLab issue explicitly shows this pattern in src/slices.rs and provides a PoC demonstrating heap corruption through this mechanism.
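The read/convert/write sequence described above, next to a panic-safe variant, as an added example that is not code from the endian_trait crate or from this page. `Conv`, `Tracked`, `convert_unguarded`, `convert_guarded` and `live_after` are hypothetical names, and the `mem::take` variant (which assumes `T: Default`) is one possible hardening, not the crate's own fix.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::atomic::{AtomicIsize, Ordering::SeqCst};
use std::{mem, ptr};

// +1 per construction, -1 per drop: 0 means every value was dropped exactly once.
static LIVE: AtomicIsize = AtomicIsize::new(0);

// Hypothetical stand-in for a user-provided Endian impl (not the crate's trait).
pub trait Conv: Sized { fn conv(self) -> Self; }

// Owns no heap memory: the extra drop is only counted. A String field would be freed twice.
pub struct Tracked(u32);
impl Tracked { pub fn new(v: u32) -> Self { LIVE.fetch_add(1, SeqCst); Tracked(v) } }
impl Default for Tracked { fn default() -> Self { Tracked::new(0) } }
impl Drop for Tracked { fn drop(&mut self) { LIVE.fetch_sub(1, SeqCst); } }
impl Conv for Tracked {
    fn conv(mut self) -> Self {
        if self.0 == 2 { panic!("constructed failure in user conversion"); }
        self.0 = self.0.swap_bytes();
        self
    }
}

// Pattern from the advisory: ptr::read, user conversion, ptr::write.
pub fn convert_unguarded<T: Conv>(s: &mut [T]) {
    for e in s.iter_mut() {
        // A panic in conv() drops `v` while the slice still owns the same bits.
        unsafe { let v = ptr::read(e); ptr::write(e, v.conv()); }
    }
}

// Panic-safe alternative: the slot always holds a valid, uniquely owned value.
pub fn convert_guarded<T: Conv + Default>(s: &mut [T]) {
    for e in s.iter_mut() { let v = mem::take(e); *e = v.conv(); }
}

// Converts three constructed values (the second panics); negative result = double drop.
pub fn live_after(convert: fn(&mut [Tracked])) -> isize {
    LIVE.store(0, SeqCst);
    let mut v: Vec<Tracked> = (1..=3).map(Tracked::new).collect();
    let unwound = catch_unwind(AssertUnwindSafe(|| convert(&mut v))).is_err();
    drop(v);
    if unwound { LIVE.load(SeqCst) } else { isize::MAX }
}

fn main() {
    println!("unguarded: {}", live_after(convert_unguarded::<Tracked>));
    println!("guarded:   {}", live_after(convert_guarded::<Tracked>));
}
```

A negative counter from the unguarded version means one value was dropped twice; the guarded version balances at zero because the slot holds a default value while the conversion runs.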

An issue was discovered in the endian_trait crate through ****-**-** for Rust. A double drop can occur when a user-provided Endian impl panics.