I would lean toward not even issuing security advisories for stuff like this, but if we have to then I think we should specify the severity. e.g.:
• Very Low: No known vulnerable code, code exec does not seem possible
• Low: No known vulnerable code but RCE theoretically possible OR only DoS possible in the wild
• Medium and above: Known vulnerable code, RCE at least theoretically possible
“Uninitialized” often means “previously initialized, possibly by someone bad”. I wouldn’t dismiss this bug as inexploitable.
As far as I can tell it's just a null dereference or a ud2 at worst right now, not uninitialized memory reads.
We’ve discovered some potential memory disclosure vulnerabilities and will update the advisory accordingly
Here is where we see memory disclosure potential. WDYT? https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505472124 …
I think that can only dereference a null pointer, right?
Asking around about it a bit more
There's some speculation this is potentially RCE (via deref coercion + dropping uninitialized memory). Still waiting for someone to open a PR with a writeup. When they do, I can link you if you're interested.
Here's a PR to add more information about how the memoffset vuln can be exploited. Curious what you think: https://github.com/RustSec/advisory-db/pull/129 …
OK, that’s more severe. Though I highly doubt this will ever appear in practice :) i.e. it’s in the same category as the memory safety problems with Go’s interfaces. Looming potential RCE, hasn’t happened in a decade, security people aren’t worried.
Yeah, high severity, low potential exploitability. These are the sort of dimensions that CVSS(v3) scores do kind of take into account, not that I'm a huge fan of them, but based on your feedback perhaps we should add them.