advisory-db icon indicating copy to clipboard operation
advisory-db copied to clipboard
verified publisher icon rustsec

Add advisory for remoteprocess soundness issues

Open lewismosciski opened this issue 2 months ago • 1 comments

This PR adds an advisory for soundness issues in remoteprocess.

Summary

Safe methods in the ProcessMemory trait can cause double-free and use-after-free bugs when used with non-Copy types.

Details

  • Vulnerability: Methods perform bitwise copies without enforcing Copy trait
  • Impact: Double-free when copying non-POD types (e.g., String, Vec)
  • Affected functions: copy_struct, copy_pointer, copy_vec
  • Affected versions: < 0.5.1
  • Status: ✅ Confirmed and fixed by maintainer
  • Fix: Added Copy trait bounds to ensure only trivially copyable types can be used
  • Fixed in: 0.5.1

lewismosciski avatar Oct 21 '25 14:10 lewismosciski

Hi @benfred,

Could you please confirm you're okay with publishing this advisory for the soundness issue https://github.com/benfred/remoteprocess/issues/105?

Thanks!

lewismosciski avatar Oct 21 '25 17:10 lewismosciski