GHSA-585q-cm62-757j

Опубликовано: 09 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 2

Описание

mnl has segmentation fault and invalid memory read in mnl::cb_run

The function mnl::cb_run is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers.

Passing a crafted byte slice to mnl::cb_run can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to out-of-bounds reads.

This vulnerability allows an attacker to cause a Denial of Service (segmentation fault) or potentially read unmapped memory by providing a malformed Netlink message.

Ссылки

https://github.com/mullvad/mnl-rs/issues/15
https://rustsec.org/advisories/RUSTSEC-2025-0142.html

Пакеты

Наименование

mnl

rust

Затронутые версииВерсия исправления

<= 0.3.0

Отсутствует

2 Low

CVSS4

Дефекты

CWE-125

2 Low

CVSS4

Дефекты

CWE-125