From 2d6da2ddfdb6ee2c046ffd022339be45385f38ec Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Wed, 21 May 2025 00:56:16 -0400
Subject: [PATCH 1/4] wren_rust init
---
 crates/wren_rust/RUSTSEC-0000-0000.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 crates/wren_rust/RUSTSEC-0000-0000.md
diff --git a/crates/wren_rust/RUSTSEC-0000-0000.md b/crates/wren_rust/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..845797279
--- /dev/null
+++ b/crates/wren_rust/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "wren_rust"
+date = "2025-05-06"
+informational = "unsound"
+url = "https://docs.rs/wren_rust"
+categories = ["memory-corruption"]
+
+[affected.functions]
+"wren_rust::macros::_default_realloc" = ["<= 0.1.3"]
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# soundness issue and unmaintained
+`wren_rust::macros::_default_realloc()` lacks sufficient checks to it pointer parameter which passed into `free` and `realloc`
+
+`wren_rust` is unmaintained.
\ No newline at end of file
From 4aeddc839929f1ebd6e12dfa9bc604b1a8ffb3b9 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Wed, 21 May 2025 12:12:46 -0400
Subject: [PATCH 2/4] init
---
 crates/mod3d-base/RUSTSEC-0000-0000.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 crates/mod3d-base/RUSTSEC-0000-0000.md
diff --git a/crates/mod3d-base/RUSTSEC-0000-0000.md b/crates/mod3d-base/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..901e3d2e1
--- /dev/null
+++ b/crates/mod3d-base/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "mod3d-base"
+date = "2025-05-06"
+informational = "unsound"
+url = "https://docs.rs/mod3d"
+categories = ["memory-corruption"]
+
+[affected.functions]
+"mod3d_base::BufferData::as_ptr" = ["<= 0.1.0"]
+
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# soundness issue and unmaintained
+`mod3d_base::BufferData::as_ptr` lack of sufficient checks to its public self field `byte_offset` and used unsafely to do the pointer calculation.
+`mod3d_base` is unmaintained.
\ No newline at end of file
From 95dd1941b22300fca2059a45f77dfd88667ddd33 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Wed, 21 May 2025 12:14:08 -0400
Subject: [PATCH 3/4] update url
---
 crates/mod3d-base/RUSTSEC-0000-0000.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/mod3d-base/RUSTSEC-0000-0000.md b/crates/mod3d-base/RUSTSEC-0000-0000.md
index 901e3d2e1..94267e669 100644
--- a/crates/mod3d-base/RUSTSEC-0000-0000.md
+++ b/crates/mod3d-base/RUSTSEC-0000-0000.md
@@ -4,7 +4,7 @@ id = "RUSTSEC-0000-0000"
 package = "mod3d-base"
 date = "2025-05-06"
 informational = "unsound"
-url = "https://docs.rs/mod3d"
+url = "https://github.com/atthecodeface/model3d"
 categories = ["memory-corruption"]
 
 [affected.functions]
From 37565a70d3009bd9709af6d8bfa74edfb9974659 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Wed, 21 May 2025 12:19:23 -0400
Subject: [PATCH 4/4] remove other md
---
 crates/wren_rust/RUSTSEC-0000-0000.md | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 crates/wren_rust/RUSTSEC-0000-0000.md
diff --git a/crates/wren_rust/RUSTSEC-0000-0000.md b/crates/wren_rust/RUSTSEC-0000-0000.md
deleted file mode 100644
index 845797279..000000000
--- a/crates/wren_rust/RUSTSEC-0000-0000.md
+++ /dev/null
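Review bot: In the new `crates/mod3d-base/RUSTSEC-0000-0000.md` (patch 2/4), one advisory carries two findings: the front matter sets `informational = "unsound"`, while the heading and the last sentence also declare the crate unmaintained. `informational` holds a single value, so tooling that reads the front matter will surface only the soundness issue; the maintenance status belongs in its own advisory with `informational = "unmaintained"`, and this heading can then name the defect, e.g. ``# `BufferData::as_ptr` does pointer arithmetic with an unchecked public `byte_offset` ``. The body should also state what a user of the crate is exposed to — presumably that safe code can set `byte_offset` and obtain an out-of-bounds pointer, which needs confirming against the crate source. The wren_rust advisory added in patch 1/4 has the same shape, but patch 4/4 removes it from the series.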
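Review bot: The new `url` value in `crates/mod3d-base/RUSTSEC-0000-0000.md` (patch 3/4) points at the repository root, which gives a reader of the advisory nothing that describes the problem or lets them check whether it has been fixed. The field is meant to link to a long-form description such as the upstream issue or pull request where the unsoundness was reported, e.g. `url = "https://github.com/atthecodeface/model3d/issues/<ISSUE_NUMBER>"` (placeholder, no issue number is visible in this series). If no upstream report exists yet, filing one first would also give the unmaintained claim something to cite. The `[advisory]` table this hunk edits starts above the hunk.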
@@ -1,21 +0,0 @@
-```toml
-[advisory]
-id = "RUSTSEC-0000-0000"
-package = "wren_rust"
-date = "2025-05-06"
-informational = "unsound"
-url = "https://docs.rs/wren_rust"
-categories = ["memory-corruption"]
-
-[affected.functions]
-"wren_rust::macros::_default_realloc" = ["<= 0.1.3"]
-
-[versions]
-patched = []
-unaffected = []
-```
-
-# soundness issue and unmaintained
-`wren_rust::macros::_default_realloc()` lacks sufficient checks to it pointer parameter which passed into `free` and `realloc`
-
-`wren_rust` is unmaintained.
\ No newline at end of file