Skip to content

Unexpected panics in num-bigint

Moderate severity GitHub Reviewed Published Nov 3, 2021 in rust-num/num-bigint • Updated Jan 9, 2023

Package

cargo num-bigint (Rust)

Affected versions

>= 0.4.1, < 0.4.3

Patched versions

0.4.3

Description

Impact

Two scenarios were reported where BigInt and BigUint multiplication may unexpectedly panic.

  • The internal mac3 function did not expect the possibility of non-empty all-zero inputs, leading to an unwrap() panic.
  • A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic.

Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability.

Patches

Both problems were introduced in version 0.4.1, and are fixed in version 0.4.3.

For more information

If you have any questions or comments about this advisory, please open an issue in the num-bigint repo.

Acknowledgements

Thanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author.

References

References

@cuviper cuviper published to rust-num/num-bigint Nov 3, 2021
Reviewed Nov 3, 2021
Published to the GitHub Advisory Database Nov 3, 2021
Last updated Jan 9, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-v935-pqmr-g8v9

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.