
GHSA-7v4j-8wvr-v55r: `array!` macro is unsound when its length is impure constant

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 6/16/2022
Updated: 1/12/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| array-macro  | rust      | >= 2.1.0, < 2.1.2   | 2.1.2                 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from the dual use of $count in:

  1. the __ArrayVec type parameter initialization (<_, {$count}>)
  2. the loop condition (while vec.0.len < $count)

Before the patch, both positions re-evaluated the $count expression, so an impure constant expression could yield a different length at each site. The commit fixed this by introducing a __Capacity struct that captures N once via vec.0.capacity.get(), ensuring a single evaluation. The vulnerable code path is the macro's loop condition prior to this fix, as confirmed by the patch changing 'while vec.0.len < $count' to use the capacity field.
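The following is an added illustration of the bug class, not the array-macro crate's own code and not the patch. It models the two-site substitution at runtime so the double evaluation can be observed: a constructed "impure" length expression (a block that reads a local Cell) returns 3 the first time it is evaluated and 5 afterwards. The fill_twice_eval! macro pastes $count into both the capacity and the loop bound, so the buffer ends up with 5 elements after 7 evaluations; fill_once_eval! binds the length once. The Capacity struct is a hypothetical stand-in for the __Capacity pattern described above: the length appears only as the const generic N, and the array is built from N, so the two uses cannot diverge by construction.

```rust
use std::cell::Cell;

/// Vulnerable pattern (modelled on the pre-2.1.2 macro, not its actual code):
/// `$count` is substituted in two places, so an impure length expression is
/// evaluated more than once and the two uses may disagree.
macro_rules! fill_twice_eval {
    [$callback:expr; $count:expr] => {{
        let callback = $callback;
        let mut v: Vec<_> = Vec::with_capacity($count); // evaluation 1
        while v.len() < $count {                         // evaluated again on every check
            v.push(callback(v.len()));
        }
        v
    }};
}

/// Fixed pattern: bind the length once, then use the binding everywhere.
macro_rules! fill_once_eval {
    [$callback:expr; $count:expr] => {{
        let callback = $callback;
        let count: usize = $count; // exactly one evaluation
        let mut v: Vec<_> = Vec::with_capacity(count);
        while v.len() < count {
            v.push(callback(v.len()));
        }
        v
    }};
}

/// Hypothetical const-generic capture in the spirit of the fix described above:
/// the length exists only as the type parameter N, and the array length is
/// derived from N, so buffer length and fill bound cannot diverge.
pub struct Capacity<const N: usize>;

impl<const N: usize> Capacity<N> {
    #[allow(dead_code)]
    pub const fn get(&self) -> usize {
        N
    }

    /// Builds the array by calling `f` for indices 0..N.
    pub fn build<T>(&self, f: impl FnMut(usize) -> T) -> [T; N] {
        std::array::from_fn(f)
    }
}

macro_rules! array_once {
    [$callback:expr; $count:expr] => {{
        // `$count` is used exactly once, in type position.
        let cap = Capacity::<{ $count }>;
        cap.build($callback)
    }};
}

/// Drives the vulnerable macro with a constructed impure length expression that
/// yields 3 on its first evaluation and 5 afterwards.
/// Returns (final length, number of evaluations).
pub fn demo_vulnerable() -> (usize, usize) {
    let evals = Cell::new(0usize);
    let v = fill_twice_eval![|i: usize| i * 2; {
        evals.set(evals.get() + 1);
        if evals.get() == 1 { 3 } else { 5 }
    }];
    (v.len(), evals.get())
}

/// Same impure expression through the fixed macro: one evaluation, length 3.
pub fn demo_fixed() -> (usize, usize) {
    let evals = Cell::new(0usize);
    let v = fill_once_eval![|i: usize| i * 2; {
        evals.set(evals.get() + 1);
        if evals.get() == 1 { 3 } else { 5 }
    }];
    (v.len(), evals.get())
}

/// Const-generic capture: the length 4 is written once and drives both the
/// array type and the fill loop.
pub fn demo_const_generic() -> [usize; 4] {
    let arr: [usize; 4] = array_once![|i| i * 2; 4];
    arr
}

fn main() {
    println!("vulnerable (len, evals): {:?}", demo_vulnerable());
    println!("fixed      (len, evals): {:?}", demo_fixed());
    println!("const generic array:     {:?}", demo_const_generic());
}
```

The runtime Vec model only shows the length mismatch; in the original macro the same mismatch applied to a fixed-size array whose type parameter and fill loop disagreed, which is why the advisory classifies it as unsoundness rather than a logic bug.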


WAF Protection Rules

WAF Rule

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length (such as a result of an impure procedural macro), this can result in
