Out of bounds read in simd-json
        
High severity • GitHub Reviewed

Reviewed: Aug 19, 2021
Published to the GitHub Advisory Database: Aug 25, 2021
Last updated: Jun 13, 2023

Description
The affected version of this crate did not guard against accessing memory beyond the range of its input data. During string parsing, a pointer cast used to read the data into a 256-bit register could lead to a segmentation fault when the 32-byte (256-bit) read at the end of the input would overlap into the next page. This allows an attacker to eventually crash a service. The flaw was corrected by using a padding buffer for the last read from the input, so that we never read over the boundary of the input data.
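The padding-buffer fix described above, sketched as an added example (not simd-json's own code): the 256-bit load is modelled as a `[u8; 32]` copy so it runs on any target, and `load_block`, `match_mask` and `find_closing_quote` are hypothetical names. Backslash escapes are ignored to keep the focus on the final partial read.

```rust
// Added example, not simd-json's code. All names here are hypothetical.
const LANES: usize = 32; // width of a 256-bit register in bytes

/// Stand-in for a 256-bit SIMD compare: bitmask of lanes equal to `needle`.
fn match_mask(block: &[u8; LANES], needle: u8) -> u32 {
    block
        .iter()
        .enumerate()
        .fold(0u32, |m, (i, &b)| m | (((b == needle) as u32) << i))
}

/// Load up to 32 bytes starting at `pos` without touching memory past `input`.
/// The flawed pattern is a pointer cast at `pos`, which reads 32 bytes even
/// when fewer remain. Here the tail is copied into a zeroed padding buffer.
fn load_block(input: &[u8], pos: usize) -> ([u8; LANES], usize) {
    let tail = input.get(pos..).unwrap_or(&[]);
    let valid = tail.len().min(LANES);
    let mut block = [0u8; LANES]; // padding buffer
    block[..valid].copy_from_slice(&tail[..valid]);
    (block, valid)
}

/// Offset of the first `"` at or after `start`, scanning 32 bytes at a time.
pub fn find_closing_quote(input: &[u8], start: usize) -> Option<usize> {
    let mut pos = start;
    while pos < input.len() {
        let (block, valid) = load_block(input, pos);
        // Ignore lanes that hold padding rather than input bytes.
        let live = if valid == LANES { u32::MAX } else { (1u32 << valid) - 1 };
        let hits = match_mask(&block, b'"') & live;
        if hits != 0 {
            return Some(pos + hits.trailing_zeros() as usize);
        }
        pos += LANES;
    }
    None
}

fn main() {
    // Constructed input: 40 body bytes, so the second load is a partial one.
    let mut doc = vec![b'a'; 40];
    doc.push(b'"');
    println!("{:?}", find_closing_quote(&doc, 0));
}
```
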
References