rustsec-2024-0408
Vulnerability from osv_rustsec
The library breaks the safety assumptions when using unsafe API std::slice::from_raw_parts. First, when using the API in iterator implementation (TempFdArrayIterator.next), generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the address, the code passed the type c_void, which could also be any type, leading to potential uninitialized memory exposure.
Two unsound usages here highlight the necessity for developers to perform type checks before doing type conversion with unsafe API.
The panic caused by the misalignment causes several downstream applications (e.g., greptimedb) to crash when using pprof::report::ReportBuilder::build.
This was patched in 0.14.0.
The developer also suggested moving to pprof2.
{
"affected": [
{
"database_specific": {
"categories": [],
"cvss": null,
"informational": "unsound"
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"pprof::report::ReportBuilder::build",
"pprof::validate"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "pprof",
"purl": "pkg:cargo/pprof"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.14.0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"GHSA-gw5w-5j7f-jmjj"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "The library breaks the safety assumptions when using unsafe API `std::slice::from_raw_parts`. First, when using the API in iterator implementation (`TempFdArrayIterator.next`), generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the address, the code passed the type `c_void`, which could also be any type, leading to potential uninitialized memory exposure. \n\nTwo unsound usages here highlight the necessity for developers to perform type checks before doing type conversion with unsafe API. \n\nThe panic caused by the misalignment causes several downstream applications (e.g., `greptimedb`) to crash when using `pprof::report::ReportBuilder::build`. \n\nThis was patched in 0.14.0. \n\nThe developer also suggested moving to [pprof2](https://crates.io/crates/pprof2).",
"id": "RUSTSEC-2024-0408",
"modified": "2025-10-28T06:02:18Z",
"published": "2024-12-04T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/pprof"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0408.html"
},
{
"type": "REPORT",
"url": "https://github.com/tikv/pprof-rs/issues/232"
},
{
"type": "WEB",
"url": "https://github.com/tikv/pprof-rs/pull/255"
}
],
"related": [],
"severity": [],
"summary": "Unsound usages of `std::slice::from_raw_parts`"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.