DFs in slice-ring-buffer
Four new memory safety bugs have been discovered in slice-ring-buffer (a fork of the unmaintained slice-deque crate).
All four bugs can lead to double-free violations, when only safe APIs are used. No patches for these vulnerabilities have been developed yet.
We have contacted the maintainers of the crate (@LiquidityC), and they have granted us permission to request a security advisory for these issues.
@LiquidityC please confirm that you are okay with an advisory being published for your crate.
Also, are you planning to fix these issues? If that is planned for the short term, we typically like to hold off on publishing an advisory until the fixed version is published.
@djc Confirmed that I'm aware of the issues. I currently have no prognosis on when the issues can be fixed. I'm personally busy with work and the only reason I'm a maintainer is due to the original repo and maintainer becoming unreachable so I created this fork to address issues in the original repo. Hoping that someone in the community might be able to address the issues earlier than I will be able to.
@GeorgeAndrou can you add something like this to the advisory at the end:
Unfortunately, the maintainer doesn't have much availability to resolve these issues so there's no concrete timeline for fixes. Community contributions towards fixing these vulnerabilities would be much appreciated.
Then we can publish it -- hopefully that will help in finding someone who can fix these issues.
@djc I committed an updated version of the bug report.