The vulnerability exists because the scratchpad::Tracking trait is not declared unsafe, so users can provide their own implementations in entirely safe code. However, the trait's methods (get, set, and capacity) are called from unsafe blocks inside the scratchpad crate, in particular in scratchpad::marker::MarkerBack::allocate_memory, and that unsafe code assumes the methods behave in a specific way in order to uphold memory safety. A malicious implementation of Tracking can violate these assumptions: a get method that returns an arbitrary value feeds pointer arithmetic that produces a pointer outside the intended buffer, and when scratchpad::marker::MarkerBack::allocate_slice_copy later writes through that pointer, a heap buffer overflow occurs. The fix is to declare Tracking as an unsafe trait, which requires implementors to write unsafe impl and thereby take responsibility for upholding the safety invariants the crate relies on.
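The following is an added, self-contained model of the pattern described above; it is not the scratchpad crate's code. A hypothetical Tracking trait with the same three methods, a simplified back-of-buffer allocator (Arena) standing in for MarkerBack, and a tracker whose get lies show how a safe impl can push the computed offset outside the buffer. The demo checks the offset before copying so that it reports the violation instead of executing the out-of-bounds write; the real crate performs no such check. The TrustedTracking trait at the end shows the fix the advisory proposes, a trait declared unsafe:

```rust
use std::ptr;

/// Stand-in for scratchpad::Tracking as the advisory describes it: a *safe*
/// trait, so any downstream crate can implement it without writing `unsafe`.
pub trait Tracking {
    fn get(&self, index: usize) -> usize;
    fn set(&mut self, index: usize, value: usize);
    fn capacity(&self) -> usize;
}

/// Well-behaved tracker: slot 0 holds the back marker's current offset.
pub struct VecTracking(pub Vec<usize>);

impl Tracking for VecTracking {
    fn get(&self, index: usize) -> usize { self.0[index] }
    fn set(&mut self, index: usize, value: usize) { self.0[index] = value; }
    fn capacity(&self) -> usize { self.0.len() }
}

/// Malicious tracker written entirely in safe Rust: `get` reports an offset
/// that has nothing to do with the buffer it is supposed to track.
pub struct LyingTracking;

impl Tracking for LyingTracking {
    fn get(&self, _index: usize) -> usize { 1 << 40 }
    fn set(&mut self, _index: usize, _value: usize) {}
    fn capacity(&self) -> usize { 1 }
}

/// Hypothetical back-of-buffer bump allocator in the spirit of MarkerBack.
/// `tracking.get(0)` is trusted as the current end of the free region.
pub struct Arena<T: Tracking> {
    buffer: Vec<u8>,
    tracking: T,
}

impl<T: Tracking> Arena<T> {
    pub fn new(size: usize, mut tracking: T) -> Self {
        tracking.set(0, size); // the back marker starts at the end of the buffer
        Arena { buffer: vec![0; size], tracking }
    }

    /// Mirrors the trusting computation in allocate_memory: the start offset
    /// is derived from whatever `get` reports, with no check against `buffer`.
    fn trusted_offset(&self, len: usize) -> usize {
        self.tracking.get(0).wrapping_sub(len)
    }

    /// The invariant the unsafe code assumes but never verifies: the region
    /// [start, end) computed from the tracker lies inside `buffer`.
    pub fn offset_is_sound(&self, len: usize) -> bool {
        let end = self.tracking.get(0);
        let start = self.trusted_offset(len);
        start <= end && end <= self.buffer.len()
    }

    /// Mirrors allocate_slice_copy: copy `data` into the region the tracker
    /// claims is free. With a lying tracker the copy would land outside
    /// `buffer` (heap overflow); this demo returns None instead of doing that.
    pub fn allocate_slice_copy(&mut self, data: &[u8]) -> Option<usize> {
        if !self.offset_is_sound(data.len()) {
            return None;
        }
        let start = self.trusted_offset(data.len());
        unsafe {
            // SAFETY: sound only because offset_is_sound() passed above. The
            // vulnerable crate relies on Tracking::get alone for this.
            let dst = self.buffer.as_mut_ptr().add(start);
            ptr::copy_nonoverlapping(data.as_ptr(), dst, data.len());
        }
        self.tracking.set(0, start);
        Some(start)
    }

    pub fn bytes(&self) -> &[u8] { &self.buffer }
}

/// The fix the advisory describes: an `unsafe trait`. Implementing it now
/// requires `unsafe impl`, and the implementor takes on the invariant that
/// `get(i)` returns exactly the value most recently stored by `set(i, v)`.
pub unsafe trait TrustedTracking {
    fn get(&self, index: usize) -> usize;
    fn set(&mut self, index: usize, value: usize);
    fn capacity(&self) -> usize;
}

// SAFETY: VecTracking returns exactly the values stored via set().
unsafe impl TrustedTracking for VecTracking {
    fn get(&self, index: usize) -> usize { self.0[index] }
    fn set(&mut self, index: usize, value: usize) { self.0[index] = value; }
    fn capacity(&self) -> usize { self.0.len() }
}
// A plain `impl TrustedTracking for LyingTracking { .. }` no longer compiles:
// the lie has to be written as `unsafe impl`, which is the signal the fix adds.
```

Arena::allocate_slice_copy also refuses a request larger than the remaining space, since the wrapping subtraction then produces a start offset above the end; the honest tracker therefore never underflows, and the lying tracker is rejected on its first allocation.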
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| scratchpad | rust | <= 1.3.1 | |