N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-5x36-7567-3cw6

GHSA-5x36-7567-3cw6: partial_sort contains Out-of-bounds Read in release mode

Affected versions of this crate were using a debug assertion to validate the last parameter of partial_sort(). This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions.

All writes are bounds-checked, so the out-of-bounds memory access is read-only. This also means that the first attempted out-of-bounds write will panic, limiting the possible reads.

The accessible region is further limited by an initial bounds-checked read at (last / 2) - 1, i.e., it is proportional to the size of the vector.

This bug has been fixed in v0.2.0.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-5x36-7567-3cw6

GHSA-5x36-7567-3cw6:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
partial_sort	rust	< 0.2.0	0.2.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from using debug_assert! for critical parameter validation in the partial_sort function. The advisory specifically mentions this function's 'last' parameter validation as the root cause. The GitHub issue #7 explicitly shows the debug_assert! at line 58 of lib.rs is insufficient for release builds, leading to OOB reads. The function's logic then proceeds with unsafe get_unchecked operations that rely on this validation, making partial_sort itself the vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-5x36-7567-3cw6: partial_sort contains Out-of-bounds Read in release mode

GHSA-5x36-7567-3cw6:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Technical Details

GHSA-5x36-7567-3cw6: partial_sort contains Out-of-bounds Read in release mode

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI