Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/84399?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84399?format=api", "vulnerability_id": "VCID-3gt9-q2y9-yud9", "summary": "libafl has unsound usages of `core::slice::from_raw_parts_mut`\nThe library breaks the safety assumptions when using unsafe API `slice::from_raw_parts_mut`. The pointer passed to `from_raw_parts_mut` is misaligned by casting `u8` to `u16` raw pointer directly, which is unsound. The bug is patched by using `align_offset`, which could make sure the memory address is aligned to 2 bytes for `u16`. \n\nThis was patched in 0.11.2 in the [commit](https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d).", "aliases": [ { "alias": "GHSA-f7qj-v3vp-4856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1175339?format=api", "purl": "pkg:cargo/libafl@0.11.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:cargo/libafl@0.11.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://github.com/AFLplusplus/LibAFL", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/AFLplusplus/LibAFL" }, { "reference_url": "https://github.com/AFLplusplus/LibAFL/commit/f70a16a09a8096d3c50159dd8a912a75c2af157c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/AFLplusplus/LibAFL/commit/f70a16a09a8096d3c50159dd8a912a75c2af157c" }, { "reference_url": "https://github.com/AFLplusplus/LibAFL/issues/1526", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/AFLplusplus/LibAFL/issues/1526" }, { "reference_url": "https://github.com/AFLplusplus/LibAFL/pull/1530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/AFLplusplus/LibAFL/pull/1530" }, { "reference_url": "https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2024-0424.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2024-0424.html" }, { "reference_url": "https://github.com/advisories/GHSA-f7qj-v3vp-4856", "reference_id": "GHSA-f7qj-v3vp-4856", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7qj-v3vp-4856" } ], "weaknesses": [], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gt9-q2y9-yud9" }