N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-466c-pfvv-v83g

GHSA-466c-pfvv-v83g: wrflib has a soundness issue and is unmaintained

All functions under wrflib::byte_extract are simply wrapper of unsafe pointer offset and lacks sufficient checks to it pointer and offset parameter.

wrflib is unmaintained.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-466c-pfvv-v83g

GHSA-466c-pfvv-v83g:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
wrflib	rust	<= 0.0.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability advisory explicitly states that all functions under wrflib::byte_extract are vulnerable due to a lack of bounds checking when performing pointer arithmetic. Analysis of the source code for wrflib/main/src/byte_extract.rs confirms this. All functions within this file use unsafe blocks to perform pointer arithmetic (data.as_ptr().add(offset)) without validating that the provided offset is within the bounds of the data slice. This can be exploited by providing a crafted offset that causes the function to read from an arbitrary memory location, leading to a crash or information disclosure. The file's introductory comment even acknowledges the intentional lack of safety for performance reasons. Since the library is unmaintained, no patch is available, and all versions up to and including 0.0.3 are affected.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-466c-pfvv-v83g: wrflib has a soundness issue and is unmaintained

GHSA-466c-pfvv-v83g:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

Basic Information

Basic Information

Technical Details

GHSA-466c-pfvv-v83g: wrflib has a soundness issue and is unmaintained

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI