Bug 1183403 (CVE-2021-25900) - VUL-0: CVE-2021-25900: rust,librsvg: heap-based buffer overflow in SmallVec:insert_many
Summary: VUL-0: CVE-2021-25900: rust,librsvg: heap-based buffer overflow in SmallVec:i...
Status: RESOLVED FIXED
Alias: CVE-2021-25900
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: William Brown
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/276552/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-25900:7.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-11 15:37 UTC by Robert Frohl
Modified: 2023-04-12 00:49 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-03-11 15:37:34 UTC 
rh#1936943

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.

Reference:
https://rustsec.org/advisories/RUSTSEC-2021-0003.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1936943
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25900
https://rustsec.org/advisories/RUSTSEC-2021-0003.html
Comment 1 Robert Frohl 2021-03-11 15:40:25 UTC 
adding a opensuse bugowner (sorry there will be quite a few of these bugs).
Comment 2 Robert Frohl 2021-03-11 15:42:09 UTC 
rust embeds smallvec and smallvec-0.6.10 , therefor these codestreams are affected:

- SUSE:SLE-15:Update/rust
- SUSE:SLE-15-SP1:Update/rust
Comment 3 Federico Mena Quintero 2021-04-23 16:39:33 UTC 
https://build.suse.de/request/show/240147 takes care of this for librsvg in SUSE:SLE-15-SP2:Update.
Comment 4 Swamp Workflow Management 2021-04-28 19:16:27 UTC 
SUSE-SU-2021:1408-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1183403
CVE References: CVE-2021-25900
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    librsvg-2.46.5-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    librsvg-2.46.5-3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    librsvg-2.46.5-3.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    librsvg-2.46.5-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2021-05-01 01:19:05 UTC 
openSUSE-SU-2021:0634-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1183403
CVE References: CVE-2021-25900
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    librsvg-2.46.5-lp152.2.3.1
Comment 6 Robert Frohl 2022-01-21 12:39:35 UTC 
smallvec was updated to 0.6.14 and 1.6.1 with rust version 1.52 (via 93c8ebe022d0eac6fb02848dc85f003cf7b7503c)
Comment 7 Robert Frohl 2022-01-21 12:40:58 UTC 
(In reply to Robert Frohl from comment #6)
> smallvec was updated to 0.6.14 and 1.6.1 with rust version 1.52 (via
> 93c8ebe022d0eac6fb02848dc85f003cf7b7503c)

Which means SLE15-SP3 is not affected, because rust1.43 is out of support.
SLE15 and SLE15-SP1 are now on 1.53.
Comment 8 Robert Frohl 2022-01-21 12:41:08 UTC 
closing