CVE-2021-39228: Memory Safety Issue when using patch or merge on state and assign the result back to state

CVSS Score: 6.5 (v3.1)

Basic Information

EPSS Score: 0.67042%
Published: 9/20/2021
Updated: 3/30/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Package Name: tremor-script
Ecosystem: rust
Vulnerable Versions: >= 0.7.3, < 0.11.6
First Patched Version: 0.11.6

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from optimizations that handled merge/patch operations via in-place mutation (the Expr::MergeInPlace and Expr::PatchInPlace AST nodes). The interpreter's expr.rs contained unsafe transmute operations in the patch_in_place and merge_in_place functions to mutate state directly. These functions bypassed cloning when assigning back to state, allowing state to retain references to the event data's memory after the event was processed and freed. The commit 1a2efcd explicitly removed these optimizations and the associated functions to address the memory safety issues.
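The following added example is a simplified model of the ownership problem described above; it is not tremor-script's code. The Value type, merge_into_state, extend_lifetime and the sample event are hypothetical names and constructed data, and the transmute is an assumed shape of the unsound shortcut, shown next to the copying merge that keeps state independent of the event buffer.

```rust
use std::borrow::Cow;
use std::collections::HashMap;
// Simplified model (assumption): a value may borrow its strings from the event buffer.
#[derive(Debug, Clone, PartialEq)]
enum Value<'e> {
    Str(Cow<'e, str>),
    Obj(HashMap<Cow<'e, str>, Value<'e>>),
}
impl<'e> Value<'e> {
    // Deep-copy every borrowed string so the result owns all of its memory.
    fn into_static(self) -> Value<'static> {
        match self {
            Value::Str(s) => Value::Str(Cow::Owned(s.into_owned())),
            Value::Obj(m) => Value::Obj(
                m.into_iter().map(|(k, v)| (Cow::Owned(k.into_owned()), v.into_static())).collect(),
            ),
        }
    }
}

// Sound merge into long-lived state: event data is cloned into owned memory first.
fn merge_into_state(state: &mut Value<'static>, patch: &Value<'_>) {
    match (state, patch) {
        (Value::Obj(dst), Value::Obj(src)) => {
            for (k, v) in src {
                dst.insert(Cow::Owned(k.to_string()), v.clone().into_static());
            }
        }
        (st, other) => *st = other.clone().into_static(),
    }
}

// Unsound shape (contrast only, never called): lifetime rewritten with no copy.
#[allow(dead_code)]
unsafe fn extend_lifetime<'e>(v: Value<'e>) -> Value<'static> {
    unsafe { std::mem::transmute(v) }
}

fn demo() -> Value<'static> {
    let mut state = Value::Obj(HashMap::new());
    {
        let event_buf = String::from("payload-from-event"); // constructed sample
        let mut m = HashMap::new();
        m.insert(Cow::Borrowed("last"), Value::Str(Cow::Borrowed(event_buf.as_str())));
        merge_into_state(&mut state, &Value::Obj(m));
    } // event buffer is freed here; state must not point into it
    state
}
fn main() { println!("{:?}", demo()); }
```

Without the into_static copy, the borrow checker rejects storing the event-borrowed value in state; the transmute silences that check without making the reference valid.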

WAF Protection Rules

WAF Rule

### Impact

This vulnerability is a memory safety issue when using [`patch`](https://www.tremor.rs/docs/tremor-script/index#patch) or [`merge`](https://www.tremor.rs/docs/tremor-script/index#merge) on `state` and assign the result back to `state`. I