
Cloud Vulnerability DB
A community-led vulnerabilities database
RUSTSEC-2024-0408 is a vulnerability in the rust-pprof library caused by an unsound implementation that creates slices from unaligned pointers. The issue affects rust-pprof versions up to 0.13.0-5 (Debian Tracker).
The vulnerability stems from unsafe code in the collector.rs file, where file_vec (aligned to 1 byte) is cast to a specified type through slice::from_raw_parts. When elements aligned to more than 1 byte are added to the Collector, an unaligned pointer is created and used to build the slice, violating the safety requirements of slice::from_raw_parts. Additionally, the addr_validate::validate public API can cause uninitialized memory exposure by allowing arbitrary types to be cast to c_void (GitHub Issue).
The vulnerability can lead to undefined behavior and potential memory safety violations when working with unaligned pointers. This can result in program crashes, particularly noticeable in debug builds on recent Rust compiler versions where the unsafe precondition violations are detected (GitHub Issue).
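The alignment precondition described above can be checked before a byte buffer is reinterpreted. The following is an added example, not code from rust-pprof or its fix; the names as_u64s and sample are hypothetical, and u64 is an assumed element type chosen because every bit pattern is a valid value.

```rust
use std::borrow::Cow;
use std::mem::{align_of, size_of};

/// View `bytes` as u64 values. Borrows only when the pointer is aligned for
/// u64; otherwise copies each element out of the byte buffer.
fn as_u64s<'a>(bytes: &'a [u8]) -> Cow<'a, [u64]> {
    // SAFETY: every bit pattern is a valid u64, and align_to places only
    // correctly aligned elements in `mid`.
    let (prefix, mid, suffix) = unsafe { bytes.align_to::<u64>() };
    if prefix.is_empty() && suffix.len() < size_of::<u64>() {
        return Cow::Borrowed(mid);
    }
    // Misaligned: never form a &[u64] over these bytes; decode by value.
    let owned: Vec<u64> = bytes
        .chunks_exact(size_of::<u64>())
        .map(|chunk| {
            let mut word = [0u8; 8];
            word.copy_from_slice(chunk);
            u64::from_ne_bytes(word)
        })
        .collect();
    Cow::Owned(owned)
}

/// Constructed sample: the values 1, 2, 3 serialized `shift` bytes past an
/// 8-byte boundary inside a plain byte buffer. Returns (buffer, start index).
fn sample(shift: usize) -> (Vec<u8>, usize) {
    let mut raw = vec![0u8; 48];
    let start = raw.as_ptr().align_offset(align_of::<u64>()) + shift;
    for (i, v) in [1u64, 2, 3].iter().enumerate() {
        let at = start + i * 8;
        raw[at..at + 8].copy_from_slice(&v.to_ne_bytes());
    }
    (raw, start)
}

fn main() {
    for shift in [0, 1] {
        let (raw, start) = sample(shift);
        let vals = as_u64s(&raw[start..start + 24]);
        let borrowed = matches!(vals, Cow::Borrowed(_));
        println!("shift {}: borrowed={} values={:?}", shift, borrowed, vals);
    }
}
```

A generic version of this pattern would also need to restrict the element type to ones for which arbitrary bytes are a valid value.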
Source: This report was generated using AI