Add advisory for segmentation fault in ouch (#2084)

* Add advisory for segmentation fault in ouch * Fix CI error * Slightly more descriptive title --------- Co-authored-by: Sergey "Shnatsel" Davidoff <[email protected]>
rustsec · Sep 22, 2024 · eb56b9f · eb56b9f
1 parent 3cae235
commit eb56b9f
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/crates/ouch/RUSTSEC-0000-0000.md b/crates/ouch/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ouch"
+date = "2024-09-22"
+url = "https://github.com/ouch-org/ouch/issues/707"
+categories = ["memory-corruption"]
+
+[affected]
+functions = { "ouch::archive::zip::convert_zip_date_time" = ["<=0.3.1"] }
+
+[versions]
+patched = [">0.3.1"]
+```
+# Segmentation fault due to use of uninitialized memory
+When trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convert_zip_date_time".
+In the function, there is a unsafe function, "transmute". Once the "transmute" function is called to convert the type of "month" object,
+the address of the object is changed to the uninitialized memory region. 
+After that, when other function tries to dereference "month", segmentation fault occurs.