Описание
The total_size function for partial read the length of any FixVec is incorrect in molecule.
Anyone who uses total_size(..) function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.
Ссылки
- https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9
- https://nvd.nist.gov/vuln/detail/CVE-2021-45697
- https://github.com/nervosnetwork/molecule/pull/49
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/molecule/RUSTSEC-2021-0103.md
- https://rustsec.org/advisories/RUSTSEC-2021-0103.html
Пакеты
Наименование
molecule
rust
Затронутые версииВерсия исправления
< 0.7.2
0.7.2
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.