{"uuid": "da0070e9-416d-46ae-b421-ca08aa218340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28448", "type": "seen", "source": "https://t.me/cibsecurity/60677", "content": "\u203c CVE-2023-28448 \u203c\n\nVersionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the \u00e2\u20ac\u02dcVersionize::deserialize\u00e2\u20ac\u2122 implementation provided by the \u00e2\u20ac\u02dcversionize\u00e2\u20ac\u2122 crate for \u00e2\u20ac\u02dcvmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:42:58.000000Z"}