Add advisory for libafl_bolts out-of-bounds access

Open lewismosciski opened this issue 2 months ago • 1 comments

This PR adds an advisory for a soundness issue in libafl_bolts.

Summary

The safe functions covmap_is_interesting_simd and covmap_is_interesting_naive can cause undefined behavior through out-of-bounds memory access.

Details

  • Vulnerability: Use of get_unchecked on the hist slice with indices from the map slice
  • Impact: Out-of-bounds access when hist.len() < map.len(), causing undefined behavior
  • Status: ✅ Fixed in main branch, awaiting release
  • Fix: Functions marked as unsafe with safety documentation

lewismosciski, Oct 21 '25 14:10
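The soundness pattern described in the post above, as an added example that is not LibAFL's code and not part of the original post. The function names, the simplified signature and the "map byte greater than hist byte" novelty rule are assumptions made for illustration; the point is the `hist.len() >= map.len()` contract and the two ways to keep it out of safe callers' hands.

```rust
/// Hypothetical stand-in for the pattern in the advisory: indices come from
/// `map`, while the reads go to `hist` without a bounds check.
///
/// # Safety
/// The caller must guarantee `hist.len() >= map.len()`. If `hist` is shorter,
/// `get_unchecked` reads past its end, which is undefined behavior.
pub unsafe fn is_interesting_unchecked(hist: &[u8], map: &[u8]) -> (bool, Vec<usize>) {
    let mut novelties = Vec::new();
    for (i, &item) in map.iter().enumerate() {
        // SAFETY: i < map.len() <= hist.len() by the caller's contract.
        let seen = unsafe { *hist.get_unchecked(i) };
        // Assumed novelty rule: the current map value exceeds the history value.
        if item > seen {
            novelties.push(i);
        }
    }
    (!novelties.is_empty(), novelties)
}

/// Safe wrapper: checks the length precondition once, so no safe caller can
/// reach the unchecked read with a short `hist`.
pub fn is_interesting_checked(hist: &[u8], map: &[u8]) -> Option<(bool, Vec<usize>)> {
    if hist.len() < map.len() {
        return None; // contract violated: refuse instead of reading out of bounds
    }
    // SAFETY: the length precondition was verified just above.
    Some(unsafe { is_interesting_unchecked(hist, map) })
}

fn main() {
    // Constructed sample data.
    let hist = [0u8, 3, 0, 1];
    let map = [0u8, 5, 0, 1];
    println!("{:?}", is_interesting_checked(&hist, &map)); // same lengths
    println!("{:?}", is_interesting_checked(&hist[..2], &map)); // hist too short
}
```

Marking the function `unsafe` with a documented contract moves the obligation to the caller, while the checked wrapper trades one length comparison per call for a safe API.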

Hi @domenukk,

Per RustSec policy, could you please confirm you're okay with publishing this advisory for the soundness issue https://github.com/AFLplusplus/LibAFL/issues/3417?

Thanks!

lewismosciski, Oct 21 '25 17:10