N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qm2p-4w45-v2vr

GHSA-qm2p-4w45-v2vr: grcov has an out of bounds write triggered by crafted coverage data

Function grcov::covdir::get_coverage uses the unsafe function get_unchecked_mut without validating that the index is in bounds.

This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-qm2p-4w45-v2vr

GHSA-qm2p-4w45-v2vr:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
grcov	rust	< 0.8.20	0.8.20

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the unsafe usage of get_unchecked_mut in the CDFileStats::new implementation shown in the commit diff. Though the advisory mentions grcov::covdir::get_coverage, the actual vulnerable code resides in CDFileStats::new where coverage data processing occurs. The function calculates an index from line_num - 1 but fails to validate it against the lines vector bounds before unsafe mutation. The commit patch replaces get_unchecked_mut with safe get_mut with bounds checking, confirming this as the vulnerable location. High confidence comes from direct correlation between the vulnerability description, commit diff, and crash analysis in the bug report.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-qm2p-4w45-v2vr: grcov has an out of bounds write triggered by crafted coverage data

GHSA-qm2p-4w45-v2vr:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

Basic Information

Basic Information

GHSA-qm2p-4w45-v2vr: grcov has an out of bounds write triggered by crafted coverage data

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI