Skip to content

Commit

Permalink
Update gh-pages
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Dec 4, 2024
1 parent 07d3392 commit 782cbb0
Show file tree
Hide file tree
Showing 14 changed files with 1,265 additions and 226 deletions.
274 changes: 274 additions & 0 deletions advisories/RUSTSEC-2024-0406.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,274 @@
<!DOCTYPE html>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta charset="utf-8">

<meta name="author" content="Rust Project Developers">
<meta name="description" content="Security advisory database for Rust crates published through https://crates.io">
<title>RUSTSEC-2024-0406: ic-stable-structures: BTreeMap memory leak when deallocating nodes with overflows › RustSec Advisory Database</title>

<link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,300italic,400italic" rel="stylesheet">
<link href="/css/basic.css" rel="stylesheet">
<link href="/css/highlight.css" rel="stylesheet">
<link href="/css/index.css" rel="stylesheet">

<script src="/js/index.js" defer></script>
<script src="/js/search.js" defer></script>

<header>
<div class="header-top">
<h1><a href="/"><img class="logo-image" src="/img/rustsec-logo.svg" /></a></h1>

<div class="search">
<form onsubmit="return searchform();">
<input type="search" id="search-term"
placeholder="Look up package or ID..." required
size="20">
</form>
</div>

</div>
<nav>
<div>
<a href="/">About</a>
<a href="/advisories/">Advisories</a>
<a href="/contributing.html">Report Vulnerabilities</a>
</div>
<div>
<a href="https://rust-lang.zulipchat.com/login/#narrow/stream/146229-wg-secure-code/" title="Zulip" aria-label="Zulip"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" style="height:1em;fill:currentColor"><path d="M473.09 122.97c0 22.69-10.19 42.85-25.72 55.08L296.61 312.69c-2.8 2.4-6.44-1.47-4.42-4.7l55.3-110.72c1.55-3.1-.46-6.91-3.64-6.91H129.36c-33.22 0-60.4-30.32-60.4-67.37 0-37.06 27.18-67.37 60.4-67.37h283.33c33.22-.02 60.4 30.3 60.4 67.35zM129.36 506.05h283.33c33.22 0 60.4-30.32 60.4-67.37 0-37.06-27.18-67.37-60.4-67.37H198.2c-3.18 0-5.19-3.81-3.64-6.91l55.3-110.72c2.02-3.23-1.62-7.1-4.42-4.7L94.68 383.6c-15.53 12.22-25.72 32.39-25.72 55.08 0 37.05 27.18 67.37 60.4 67.37zm522.5-124.15l124.78-179.6v-1.56H663.52v-48.98h190.09v34.21L731.55 363.24v1.56h124.01v48.98h-203.7V381.9zm338.98-230.14V302.6c0 45.09 17.1 68.03 47.43 68.03 31.1 0 48.2-21.77 48.2-68.03V151.76h59.09V298.7c0 80.86-40.82 119.34-109.24 119.34-66.09 0-104.96-36.54-104.96-120.12V151.76h59.48zm244.91 0h59.48v212.25h104.18v49.76h-163.66V151.76zm297 0v262.01h-59.48V151.76h59.48zm90.18 3.5c18.27-3.11 43.93-5.44 80.08-5.44 36.54 0 62.59 7 80.08 20.99 16.72 13.22 27.99 34.99 27.99 60.64 0 25.66-8.55 47.43-24.1 62.2-20.21 19.05-50.15 27.6-85.13 27.6-7.77 0-14.77-.39-20.21-1.17v93.69h-58.7V155.26zm58.7 118.96c5.05 1.17 11.27 1.55 19.83 1.55 31.49 0 50.92-15.94 50.92-42.76 0-24.1-16.72-38.49-46.26-38.49-12.05 0-20.21 1.17-24.49 2.33v77.37z"/></svg></a>
<a href="https://twitter.com/RustSec/" title="Twitter" aria-label="Twitter"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" style="height:1em;fill:currentColor"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg></a>
<a href="https://github.com/RustSec/" title="GitHub" aria-label="GitHub"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512" style="height:1em;fill:currentColor"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg></a>
<a href="/feed.xml" title="Atom Feed" aria-label="Atom Feed"><svg xmlns="http://www.w3.org/2000/svg" style="height:1em" viewBox="0 0 8 8">
<style type="text/css">
.button {stroke: none; fill: currentColor;}
.symbol {stroke: none; fill-opacity=0;}
</style>
<rect class="button" width="8" height="8" rx="1.5" />
<circle class="symbol" cx="2" cy="6" r="1" />
<path class="symbol" d="m 1,4 a 3,3 0 0 1 3,3 h 1 a 4,4 0 0 0 -4,-4 z" />
<path class="symbol" d="m 1,2 a 5,5 0 0 1 5,5 h 1 a 6,6 0 0 0 -6,-6 z" />
</svg></a>
</div>
</nav>
</header>

<main class="advisory">
<article>

<span class="floating-menu">
<a href="https://github.com/RustSec/advisory-db/commits/main/crates/ic-stable-structures/RUSTSEC-2024-0406.md">History</a>
<a href="https://github.com/RustSec/advisory-db/edit/main/crates/ic-stable-structures/RUSTSEC-2024-0406.md">Edit</a>
<a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0406">JSON (OSV)</a>
</span>


<header>
<h1>

RUSTSEC-2024-0406

</h1>
<span class="subtitle"><p>BTreeMap memory leak when deallocating nodes with overflows</p>
</span>
</header>



<dl>
<dt id="reported">Reported</dt>
<dd>
<time datetime="2024-05-17">
May 17, 2024
</time>
</dd>

<dt id="issued">Issued</dt>
<dd>
<time datetime="2024-12-04">
December 4, 2024
</time>

</dd>

<dt id="package">Package</dt>
<dd>


<a href="/packages/ic-stable-structures.html">ic-stable-structures</a>
(<a href="https://crates.io/crates/ic-stable-structures">crates.io</a>)


</dd>

<dt id="type">Type</dt>
<dd>

Vulnerability

</dd>


<dt id="categories">Categories</dt>
<dd>
<ul>

<li><a href="/categories/denial-of-service.html">denial-of-service</a></li>

</ul>
</dd>



<dt id="keywords">Keywords</dt>
<dd>

<a href="/keywords/canister.html">#canister</a>

<a href="/keywords/icp.html">#icp</a>

<a href="/keywords/memory-leak.html">#memory-leak</a>

<a href="/keywords/stable-memory.html">#stable-memory</a>

</dd>



<dt id="aliases">Aliases</dt>
<dd>
<ul>

<li>

<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4435">CVE-2024-4435</a>

</li>

<li>

<a href="https://github.com/advisories/GHSA-3rcq-39xp-7xjp">GHSA-3rcq-39xp-7xjp</a>

</li>

</ul>
</dd>



<dt id="details">References</dt>
<dd>
<ul>

<li>
<a href="https://github.com/dfinity/stable-structures/pull/212">
https://github.com/dfinity/stable-structures/pull/212
</a>
</li>


</ul>
</dd>





<dt id="cvss_score">CVSS Score</dt>
<dd>5.9 <span class="tag medium">
MEDIUM
</span></dd>

<dt id="cvss_details">CVSS Details</dt>
<dd>
<dl>

<dt>Attack vector</dt><dd>Network</dd>



<dt>Attack complexity</dt><dd>High</d>



<dt>Privileges required</dt><dd>None</dd>



<dt>User interaction</dt><dd>None</dd>



<dt>Scope</dt><dd>Unchanged</dd>



<dt>Confidentiality</dt><dd>None</dd>



<dt>Integrity</dt><dd>None</dd>



<dt>Availability</dt><dd>High</dd>

</dl>
</dd>

<dt id="cvss">CVSS Vector</dt>
<dd><a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></dd>



<dt id="patched">Patched</dt>
<dd>

<ul>

<li><code>&gt;=0.6.4</code></li>

</ul>

</dd>


<dt id="unaffected">Unaffected</dt>
<dd>
<ul>

<li><code>&lt;0.6.0</code></li>

</ul>
</dd>




</dl>




<h3 id="description">Description</h3>
<p>When storing unbounded types in a <code>BTreeMap</code>, a node is represented as a linked list of &quot;memory chunks&quot;. In some cases, when we deallocate a node only the first memory chunk is deallocated, and the rest of the memory chunks remain (incorrectly) allocated, causing a memory leak.</p>
<p>In the worst case, depending on how a canister uses the <code>BTreeMap</code>, an adversary could interact with the canister through its API and trigger interactions with the map that keep consuming memory due to the memory leak. This could potentially lead to using an excessive amount of memory, or even running out of memory.</p>
<p>This issue has been fixed in <a href="https://github.com/dfinity/stable-structures/pull/212">dfinity/stable-structures/pull/212</a> by changing the logic for deallocating nodes to ensure that all of a node's memory chunks are deallocated. Tests have been added to prevent regressions of this nature moving forward.</p>
<p><strong>Note:</strong> Users of stable-structure &lt; 0.6.0 are not affected.</p>
<h3>Workarounds</h3>
<p>Users who are not storing unbounded types in <code>BTreeMap</code> are not affected and do not need to upgrade. Otherwise, an upgrade to version <code>0.6.4</code> is necessary.</p>
<h3>References</h3>
<ul>
<li><a href="https://github.com/dfinity/stable-structures/security/advisories/GHSA-3rcq-39xp-7xjp">GitHub Security Advisory (GHSA-3rcq-39xp-7xjp)</a></li>
<li><a href="https://github.com/dfinity/stable-structures/pull/212">dfinity/stable-structures/pull/212</a></li>
<li><a href="https://docs.rs/ic-stable-structures/0.6.4/ic_stable_structures/">Stable Structures Documentation</a></li>
<li><a href="https://internetcomputer.org/docs/current/developer-docs/smart-contracts/maintain/storage#stable-memory">Stable Memory on the Internet Computer</a></li>
</ul>


<p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a>
license.


</p>
</article>
</main>
Loading

0 comments on commit 782cbb0

Please sign in to comment.