Add advisory for xmas-elf. (#2260)

khuey · web-flow · commit 13df66c24bda · 2025-03-26T18:34:51.000+01:00
diff --git a/crates/xmas-elf/RUSTSEC-0000-0000.md b/crates/xmas-elf/RUSTSEC-0000-0000.md
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "xmas-elf"
+date = "2025-03-26"
+url = "https://github.com/nrc/xmas-elf/issues/86"
+categories = ["memory-exposure"]
+
+[affected]
+functions = { "xmas_elf::hash::HashTable::get_bucket" = ["<0.10"], "xmas_elf::hash::HashTable::get_chain" = ["<0.10"] }
+
+[versions]
+patched = [">=0.10"]
+```
+
+# Potential out-of-bounds read with a malformed ELF file and the HashTable API.
+
+Affected versions of this crate only validated the `index` argument of
+`HashTable::get_bucket` and `HashTable::get_chain` against the input-controlled
+`bucket_count` and `chain_count` fields, but not against the size of the ELF
+section. As a result, a malformed ELF file could trigger out-of-bounds reads in
+a consumer of the HashTable API by setting these fields to inappropriately large
+values that would fall outside the relevant hash table section, and by
+introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF
+file.
