You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows * ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.
This flaw was introduced in v0.11.0 (086e6e) due to the addition of an automatically derived implementation of Deserialize for MatrixVec. MatrixVec was later renamed to VecStorage in v0.16.13 (0f66403) and continued to use the automatically derived implementation of Deserialize.
This flaw was corrected in commit 5bff536 by returning an error during deserialization if the number of elements does not exactly match the expected size.
nalgebra0.23.2>=0.27.1<0.11.0The
Deserializeimplementation forVecStoragedid not maintain the invariant that the number of elements must equalnrows * ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector.This flaw was introduced in v0.11.0 (
086e6e) due to the addition of an automatically derived implementation ofDeserializeforMatrixVec.MatrixVecwas later renamed toVecStoragein v0.16.13 (0f66403) and continued to use the automatically derived implementation ofDeserialize.This flaw was corrected in commit
5bff536by returning an error during deserialization if the number of elements does not exactly match the expected size.See advisory page for additional details.
The text was updated successfully, but these errors were encountered: