GHSA-m2xr-2vj4-wh94: Buffer Overflow
First published: Tue May 06 2025(Updated: )
The following functions in the `tanton_engine` crate are unsound due to lack of sufficient boundary checks in public API: - `Stack::offset()` - `ThreadStack::get()` - `RootMoveList::insert_score_depth()` - `RootMoveList::insert_score()` The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/tanton_engine | <=1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-m2xr-2vj4-wh94?
The severity of GHSA-m2xr-2vj4-wh94 is categorized as critical due to unsound functions in the tanton_engine crate.
How do I fix GHSA-m2xr-2vj4-wh94?
To fix GHSA-m2xr-2vj4-wh94, you should avoid using the tanton_engine crate since it is no longer maintained and lacks security updates.
Which functions are affected by GHSA-m2xr-2vj4-wh94?
The affected functions in GHSA-m2xr-2vj4-wh94 are Stack::offset(), ThreadStack::get(), RootMoveList::insert_score_depth(), and RootMoveList::insert_score().
What is the impact of GHSA-m2xr-2vj4-wh94 on applications?
The impact of GHSA-m2xr-2vj4-wh94 on applications includes potential exploitation due to inadequate boundary checks, leading to undefined behavior.
Is the tanton_engine crate safe to use following GHSA-m2xr-2vj4-wh94?
No, the tanton_engine crate is not safe to use after GHSA-m2xr-2vj4-wh94, as it is unmaintained and poses severe security risks.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m2xr-2vj4-wh94
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/references
- agent/type
- agent/softwarecombine
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- package-manager/rust