CVE-2021-29930: Out of bounds write in arenavec

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.59217%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: arenavec
Ecosystem: rust
Vulnerable Versions: <= 0.1.1
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

GitHub issue #1 and the RustSec advisory explicitly identify three functions with specific panic-safety flaws: 1) `Slice::new` sets the length prematurely, which enables drops of uninitialized memory; 2-3) `resize()` and `resize_with()` adjust the length at a point that enables double drops. The code structure matches the described vulnerability patterns (CWE-787 via invalid memory operations during panic unwind). The provided PoC demonstrates concrete double-free scenarios in the resize methods.
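The panic-safe ordering that avoids the first flaw, as an added example that is not arenavec's code or its fix: the length is raised only after a slot has been written, so an unwind drops exactly the initialized elements. `Slots`, `Tracked` and `run` are hypothetical names introduced for this illustration.

```rust
use std::cell::Cell;
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};

// Hypothetical stand-in for an arena-backed slice; not arenavec's code.
struct Slots<T> {
    buf: Vec<MaybeUninit<T>>,
    len: usize, // invariant: buf[..len] is initialized
}
impl<T> Slots<T> {
    fn new_with(n: usize, mut make: impl FnMut() -> T) -> Self {
        let buf = (0..n).map(|_| MaybeUninit::uninit()).collect();
        // Starting with len = n here would be the premature length setting
        // the advisory describes; start at 0 and grow per written slot.
        let mut s = Slots { buf, len: 0 };
        for i in 0..n {
            let value = make(); // may panic; s.len is still i here
            s.buf[i].write(value);
            s.len = i + 1; // publish the slot only after it holds a value
        }
        s
    }
}
impl<T> Drop for Slots<T> {
    fn drop(&mut self) {
        for slot in &mut self.buf[..self.len] {
            // SAFETY: the invariant on `len` means these slots are initialized.
            unsafe { slot.assume_init_drop() };
        }
    }
}
// Constructed element type that counts its own drops.
struct Tracked<'a>(&'a Cell<usize>);
impl Drop for Tracked<'_> {
    fn drop(&mut self) { self.0.set(self.0.get() + 1); }
}
// Builds n elements with a constructor that panics on call number
// `panic_at` (0-based); returns (values constructed, values dropped).
fn run(n: usize, panic_at: usize) -> (usize, usize) {
    let (made, dropped) = (Cell::new(0), Cell::new(0));
    let _ = catch_unwind(AssertUnwindSafe(|| {
        Slots::new_with(n, || {
            if made.get() == panic_at { panic!("constructor failed"); }
            made.set(made.get() + 1);
            Tracked(&dropped)
        })
    }));
    (made.get(), dropped.get())
}
fn main() { println!("{:?}", run(5, 3)); }
```

The two counts returned by `run` stay equal whether or not the constructor panics, which is the property the premature length setting breaks.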


An issue was discovered in the arenavec crate through 0.1.1. A drop of uninitialized memory can sometimes occur upon a panic in T::default()
