Miggo Logo
Miggo Vulnerability Database
GHSA-gv7f-5qqh-vxfx

GHSA-gv7f-5qqh-vxfx: xous has unsound usages of `core::slice::from_raw_parts`

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-gv7f-5qqh-vxfx
EPSS Score
-
CWE
-
Published
12/30/2024
Updated
12/30/2024
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
xousrust< 0.9.510.9.51

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two functions in MemoryRange that improperly used core::slice::from_raw_parts. Multiple authoritative sources (GHSA, RustSec advisory, and project's own issue/PR) explicitly identify these functions. The functions allowed casting raw pointers to arbitrary types without validation, demonstrated by the bool slice example that triggers UB. The removal of from_parts and addition of unsafe markers in the patch confirm these were the vulnerable entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W* *onsi**r `*s_sli**` *n* `*s_sli**_mut` unsoun* ****us*: t** point*r wit* *ny *it p*tt*rns *oul* ** **st to t** sli** o* *r*itr*ry typ*s. T** point*r *oul* ** *r**t** *y uns*** n*w *n* **pr***t** `*rom_p*rts`. W* *onsi**r t**t `*rom_p*rts` s*oul* *

Reasoning

T** vuln*r**ility st*ms *rom two *un*tions in M*moryR*n** t**t improp*rly us** *or*::sli**::*rom_r*w_p*rts. Multipl* *ut*orit*tiv* sour**s (**S*, RustS** **visory, *n* proj**t's own issu*/PR) *xpli*itly i**nti*y t**s* *un*tions. T** *un*tions *llow**