Redox UEFI Safe API can cause heap-buffer-overflow

Low severity GitHub Reviewed Published May 6, 2025 to the GitHub Advisory Database • Updated May 6, 2025

Package

cargo redox_uefi_std (Rust)

Affected versions

>= 0.1.8, < 0.1.14

Patched versions

0.1.14

Description

ffi::nstr() is exposed as a safe function but should be marked unsafe: calling it with a pointer to a buffer that has no trailing 0 value causes a heap buffer overflow.
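As an added illustration of the class of bug the description names (not redox_uefi_std's own code), a hypothetical bounded slice-based variant beside a raw-pointer variant that is marked `unsafe` and documents its contract; the names `nstr_bounded`, `nstr_raw` and `NstrError` are assumptions.

```rust
// Added illustration of the advisory's point, not redox_uefi_std's own code.
// The names below (`nstr_bounded`, `nstr_raw`, `NstrError`) are hypothetical.

#[derive(Debug, PartialEq)]
pub enum NstrError {
    /// No 0 terminator found inside the caller-supplied bounds.
    Unterminated,
}

/// Safe variant: the caller hands over a slice, so the search for the
/// terminator can never leave the buffer. A missing terminator is reported
/// instead of being read past.
pub fn nstr_bounded(buf: &[u16]) -> Result<String, NstrError> {
    let end = buf.iter().position(|&c| c == 0).ok_or(NstrError::Unterminated)?;
    Ok(String::from_utf16_lossy(&buf[..end]))
}

/// Raw-pointer variant, marked `unsafe` so the caller must write an
/// `unsafe` block and take responsibility for the contract below.
///
/// # Safety
/// `ptr` must be non-null, aligned, and point to at least `max_len`
/// readable u16 values; scanning stops at `max_len` even without a 0.
pub unsafe fn nstr_raw(ptr: *const u16, max_len: usize) -> Result<String, NstrError> {
    let buf = unsafe { std::slice::from_raw_parts(ptr, max_len) };
    nstr_bounded(buf)
}

fn main() {
    // Constructed sample: "UEFI" as UTF-16 with a terminating 0.
    let ok: Vec<u16> = "UEFI".encode_utf16().chain(std::iter::once(0)).collect();
    // Constructed sample: same text, no terminator.
    let bad: Vec<u16> = "UEFI".encode_utf16().collect();
    println!("{:?}", nstr_bounded(&ok)); // Ok("UEFI")
    println!("{:?}", nstr_bounded(&bad)); // Err(Unterminated)
    println!("{:?}", unsafe { nstr_raw(ok.as_ptr(), ok.len()) }); // Ok("UEFI")
}
```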

Published to the GitHub Advisory Database May 6, 2025
Reviewed May 6, 2025
Last updated May 6, 2025

Severity

Low

Weaknesses

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-58xc-hpvq-8473