Redox UEFI Safe API can cause heap-buffer-overflow

Low severity GitHub Reviewed Published May 6, 2025 to the GitHub Advisory Database • Updated May 6, 2025

Package

cargo redox_uefi_std (Rust)

Affected versions

>= 0.1.8, < 0.1.14

Patched versions

0.1.14

Description

ffi::nstr() should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow.
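
The unsoundness described above, as an added Rust illustration that is not code from redox_uefi_std: a safe function that walks a raw pointer until it finds a 0, next to the same walk marked unsafe and a length-bounded safe alternative. The function names (nstr_unsound, nstr_raw, nstr_bounded) and the sample buffers are assumptions made for this example.

```rust
// Added illustration; all names are hypothetical, not redox_uefi_std's API.

/// Unsound shape: a *safe* signature that trusts a raw pointer. Any caller,
/// without writing `unsafe`, can pass a buffer with no trailing 0 and make
/// the scan read past the end of the allocation. Kept for contrast only and
/// never called here with an unterminated buffer.
#[allow(dead_code)]
fn nstr_unsound(ptr: *const u16) -> String {
    unsafe { nstr_raw(ptr) }
}

/// Corrected shape: the same walk, but marked `unsafe` so the caller has to
/// accept the contract explicitly.
///
/// # Safety
/// `ptr` must be non-null, aligned, and point to u16 values ending in a 0
/// that lies inside the same allocation.
unsafe fn nstr_raw(ptr: *const u16) -> String {
    let mut units = Vec::new();
    let mut i = 0;
    loop {
        let w = unsafe { *ptr.add(i) };
        if w == 0 { break; }
        units.push(w);
        i += 1;
    }
    String::from_utf16_lossy(&units)
}

/// Safe alternative: the slice carries its length, so the scan cannot leave
/// the buffer. Returns None when no terminator is present.
fn nstr_bounded(buf: &[u16]) -> Option<String> {
    let end = buf.iter().position(|&w| w == 0)?;
    Some(String::from_utf16_lossy(&buf[..end]))
}

fn main() {
    // Constructed sample buffers, one with and one without the trailing 0.
    let terminated: Vec<u16> = "Redox".encode_utf16().chain(std::iter::once(0)).collect();
    let unterminated: Vec<u16> = "Redox".encode_utf16().collect();

    // Sound: the terminator is inside the allocation.
    println!("{}", unsafe { nstr_raw(terminated.as_ptr()) });
    println!("{:?}", nstr_bounded(&terminated));
    // The missing terminator is reported instead of being read past.
    println!("{:?}", nstr_bounded(&unterminated));
}
```
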

References

Published to the GitHub Advisory Database May 6, 2025
Reviewed May 6, 2025
Last updated May 6, 2025

Severity

Low

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-58xc-hpvq-8473