CVE-2023-41051

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Sep 1, 2023
Updated: Sep 28, 2023
CWE ID 125

Summary

CVE-2023-41051: A vulnerability was found in the `vm-memory` crate's default implementations of certain `VolatileMemory` trait functions. These functions, `get_atomic_ref`, `aligned_as_ref`, `aligned_as_mut`, `get_ref`, and `get_array_ref`, may allow out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` with a length less than the specified `count`. Custom implementations of `VolatileMemory` that do not follow `get_slice`'s documentation may be affected. The issue was introduced in version 0.1.0 and resolved in version 0.12.2, which added a check to ensure the `VolatileSlice`'s length matches the `count`. Users are advised to upgrade; no workarounds are available for this vulnerability.
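
The length check described in the summary, shown on a simplified model. This is an added example, not code from the `vm-memory` crate: the `Memory` trait, `Error` enum, `Conforming` and `Truncating` types and their method names are hypothetical stand-ins, and plain byte slices take the place of `VolatileSlice`.

```rust
// Simplified model (hypothetical types, not the vm-memory crate's definitions).
#[derive(Debug, PartialEq)]
pub enum Error {
    OutOfBounds,
    PartialSlice { expected: usize, got: usize },
}

pub trait Memory {
    /// Contract: on success the returned slice is exactly `count` bytes long.
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error>;

    /// Pre-fix pattern: trusts the contract and treats `count` bytes as usable.
    fn usable_len_unchecked(&self, offset: usize, count: usize) -> Result<usize, Error> {
        self.get_slice(offset, count).map(|_| count)
    }

    /// Post-fix pattern: reject any slice whose length differs from `count`.
    fn get_slice_checked(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let s = self.get_slice(offset, count)?;
        if s.len() != count {
            return Err(Error::PartialSlice { expected: count, got: s.len() });
        }
        Ok(s)
    }
}

/// Follows the contract: a request past the end is an error.
pub struct Conforming(pub Vec<u8>);
impl Memory for Conforming {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let end = offset.checked_add(count).ok_or(Error::OutOfBounds)?;
        self.0.get(offset..end).ok_or(Error::OutOfBounds)
    }
}

/// Breaks the contract: silently clamps the request to the end of the buffer.
pub struct Truncating(pub Vec<u8>);
impl Memory for Truncating {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        let end = offset.saturating_add(count).min(self.0.len());
        self.0.get(offset..end).ok_or(Error::OutOfBounds)
    }
}

fn main() {
    let mem = Truncating(vec![0u8; 8]); // constructed 8-byte region
    println!("unchecked: {:?}", mem.usable_len_unchecked(6, 8));
    println!("checked:   {:?}", mem.get_slice_checked(6, 8));
}
```

With the clamping implementation, the unchecked path reports 8 usable bytes over a 2-byte slice, which is the mismatch a typed-reference helper would turn into an out-of-bounds access; the checked path returns an error instead.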
