Описание
{fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor::compute_mul and fmt::v8::detail::dragonbox::decimal_fp fmt::v8::detail::dragonbox::to_de).
{fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor::compute_mul and fmt::v8::detail::dragonbox::decimal_fp fmt::v8::detail::dragonbox::to_de).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-45959
- https://github.com/fmtlib/fmt/issues/2685
- https://github.com/fmtlib/fmt/commit/2038bf61831eb8faede0883965364a974d1350fe
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fmt/OSV-2021-991.yaml
CVE ID
Связанные уязвимости
nvd
около 4 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none