CVE-2021-45680: Out-of-bounds Write in vec-const

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.55713%
Published: 1/6/2022
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: vec-const
Ecosystem: rust
Vulnerable Versions: < 2.0.0
First Patched Version: 2.0.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improperly constructing a Vec from a const slice pointer. The advisory explicitly states the crate tried to create a Vec with nonzero capacity in const context, which is impossible as Vec requires heap allocation. The function responsible for this unsafe construction (likely from_raw_parts or similar) would be vulnerable. The high confidence comes from the advisory's technical description matching the pattern of unsafe Vec construction from raw pointers without proper allocator integration.
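
A sound way to get list-like data in const context without building a Vec over static memory, as an added example (not code from the vec-const crate and not its 2.0.0 fix). The `ConstList` type, `TABLE` and `LIST` are hypothetical names, and the table contents are constructed sample data.

```rust
use std::borrow::Cow;

// Constructed sample data: a table the program wants available in const context.
const TABLE: &[u32] = &[1, 2, 3, 4];

/// Hypothetical list type: borrows static data, heap-allocates only on first write.
pub struct ConstList {
    items: Cow<'static, [u32]>,
}

impl ConstList {
    /// Usable in const context because no allocation happens here.
    pub const fn from_static(items: &'static [u32]) -> Self {
        ConstList { items: Cow::Borrowed(items) }
    }

    /// True once the data lives in a real allocation owned by a Vec.
    pub fn is_heap_backed(&self) -> bool {
        matches!(self.items, Cow::Owned(_))
    }

    pub fn as_slice(&self) -> &[u32] {
        &self.items
    }

    /// The first write copies the static data into a Vec obtained from the
    /// global allocator, so growing or dropping it never touches static memory.
    pub fn push(&mut self, value: u32) {
        self.items.to_mut().push(value);
    }
}

// Built entirely at compile time; no Vec with nonzero capacity is involved.
pub const LIST: ConstList = ConstList::from_static(TABLE);

fn main() {
    let mut list = LIST;
    println!("heap-backed before push: {}", list.is_heap_backed());
    list.push(5);
    println!("heap-backed after push: {} {:?}", list.is_heap_backed(), list.as_slice());
}
```

A Vec that points at static memory would hand that pointer to the allocator on reallocation or drop; the borrowed variant above never does, because ownership only begins after the copy.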
