CVE-2023-28448 - OpenCVE

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Versionize Project	Versionize

Configuration 1 [-]

cpe:2.3:a:versionize_project:versionize:*:*:*:*:*:rust:*:*

No data.

References

Link	Providers
https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47
https://github.com/firecracker-microvm/versionize/pull/53
https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-24T19:34:29.037Z

Updated: 2024-08-02T12:38:25.360Z

Reserved: 2023-03-15T15:59:10.057Z

Link: CVE-2023-28448

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-24T20:15:15.613

Modified: 2023-11-07T04:10:37.130

Link: CVE-2023-28448

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28448", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-15T15:59:10.057Z", "datePublished": "2023-03-24T19:34:29.037Z", "dateUpdated": "2024-08-02T12:38:25.360Z"}, "containers": {"cna": {"title": "Versionize is lacking bound checks, potentially leading to out of bounds memory access", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc"}, {"name": "https://github.com/firecracker-microvm/versionize/pull/53", "tags": ["x_refsource_MISC"], "url": "https://github.com/firecracker-microvm/versionize/pull/53"}, {"name": "https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47", "tags": ["x_refsource_MISC"], "url": "https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47"}], "affected": [{"vendor": "firecracker-microvm", "product": "versionize", "versions": [{"version": "< 0.1.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-24T19:34:29.037Z"}, "descriptions": [{"lang": "en", "value": "Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the \u2018Versionize::deserialize\u2019 implementation provided by the \u2018versionize\u2019 crate for \u2018vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.\n"}], "source": {"advisory": "GHSA-8vxc-r5wp-vgvc", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.360Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc"}, {"name": "https://github.com/firecracker-microvm/versionize/pull/53", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/firecracker-microvm/versionize/pull/53"}, {"name": "https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:versionize_project:versionize:*:*:*:*:*:rust:*:*", "matchCriteriaId": "16F37684-4478-44B1-A067-78576CCD0E71", "versionEndExcluding": "0.1.10", "versionStartIncluding": "0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the \u2018Versionize::deserialize\u2019 implementation provided by the \u2018versionize\u2019 crate for \u2018vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.\n"}], "id": "CVE-2023-28448", "lastModified": "2023-11-07T04:10:37.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-24T20:15:15.613", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/firecracker-microvm/versionize/commit/a57a051ba006cfa3b41a0532f484df759e008d47"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/firecracker-microvm/versionize/pull/53"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/firecracker-microvm/versionize/security/advisories/GHSA-8vxc-r5wp-vgvc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}