Add vulnerability advisory for n2 #2131

Open
wants to merge 3 commits into
base: main
23 changes: 23 additions & 0 deletions crates/n2/RUSTSEC-2024-0411.md
@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-2024-0411"
package = "n2"
date = "2024-11-11"
informational = "unsound"
url = "https://github.com/evmar/n2/issues/121"
references = ["https://github.com/evmar/n2/issues/122", "https://github.com/evmar/n2/issues/123"]
aliases = []

[versions]
patched = []
```

# Multiple soundness issues

`n2` contains multiple soundness issues:

n2 contains multiple soundness issues:

1. Invalid Input Handling in Scanner::slice Method. When using the Scanner::slice method, passing an out-of-bounds argument causes the program to panic abort. This indicates a potential design flaw, as it fails to handle invalid input properly, impacting the stability of the application. [Issue #121](https://github.com/evmar/n2/issues/121)
2. Out of Bounds Access in Scanner::peek Method. The peek method in the Scanner struct does not handle out-of-bounds accesses correctly. When the internal offset exceeds the length of the buffer, it causes a panic abort. [Issue #122](https://github.com/evmar/n2/issues/122)
3. Invalid Input Handling in Scanner::peek_newline Method. The peek_newline method fails to handle cases where the internal offset exceeds the size of the buffer, leading to a panic abort. This indicates a design flaw as invalid input is not handled properly. [Issue #123](https://github.com/evmar/n2/issues/123)
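Review bot: the `informational = "unsound"` classification in the `[advisory]` table does not match the three issues the body describes, each of which is a panic (abort) on an out-of-bounds offset in `Scanner::slice`, `Scanner::peek` and `Scanner::peek_newline`. A panic is a defined, memory-safe outcome; "unsound" is reserved for safe APIs that can reach undefined behaviour. Either show, with reference to the linked issues, how one of these paths reaches UB (for example an `unsafe` block that trusts the unchecked offset), or reclassify the entry. The body also repeats its introductory line twice (`` `n2` contains multiple soundness issues:`` and `n2 contains multiple soundness issues:`); keep one. Finally, the text should state whether `Scanner` is part of n2's public API or only reachable through n2's own build-file parser, since that determines whether untrusted input can trigger the panics, and the empty `aliases = []` can simply be omitted.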