
Commit bd543b7

1 parent 42760d8 commit bd543b7

5 files changed

Lines changed: 369 additions & 82 deletions


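--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,67 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-434x-w66g-qw3r",
+"modified": "2026-02-03T19:17:46Z",
+"published": "2026-02-03T19:17:46Z",
+"aliases": [],
+"summary": "bytes has integer overflow in BytesMut::reserve",
+"details": "# Details\n\nIn the unique reclaim path of `BytesMut::reserve`, the condition\n```rs\nif v_capacity >= new_cap + offset\n```\nuses an unchecked addition. When `new_cap + offset` overflows `usize` in release builds, this condition may incorrectly pass, causing `self.cap` to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as `spare_capacity_mut()` then trust this corrupted `cap` value and may create out-of-bounds slices, leading to UB.\n\nThis behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks.\n\n## PoC\n\n```rs\nuse bytes::*;\n\nfn main() {\n let mut a = BytesMut::from(&b\"hello world\"[..]);\n let mut b = a.split_off(5);\n\n // Ensure b becomes the unique owner of the backing storage\n drop(a);\n\n // Trigger overflow in new_cap + offset inside reserve\n b.reserve(usize::MAX - 6);\n\n // This call relies on the corrupted cap and may cause UB & HBO\n b.put_u8(b'h');\n}\n```\n\n# Workarounds\n\nUsers of `BytesMut::reserve` are only affected if integer overflow checks are configured to wrap. When integer overflow is configured to panic, this issue does not apply.",
+"severity": [
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "crates.io",
+"name": "bytes"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "1.2.1"
+},
+{
+"fixed": "1.11.1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/tokio-rs/bytes/security/advisories/GHSA-434x-w66g-qw3r"
+},
+{
+"type": "WEB",
+"url": "https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/tokio-rs/bytes"
+},
+{
+"type": "WEB",
+"url": "https://github.com/tokio-rs/bytes/releases/tag/v1.11.1"
+},
+{
+"type": "WEB",
+"url": "https://rustsec.org/advisories/RUSTSEC-2026-0007.html"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-680"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2026-02-03T19:17:46Z",
+"nvd_published_at": null
+}
+}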
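Review bot: The CVSS 4.0 vector on the `score` line rates only availability (`VA:H` with `VC:N/VI:N`), while the `details` text describes a corrupted `cap` that can yield out-of-bounds slices and the record is tagged CWE-680. Consumers that triage on the vector alone will read this as a crash-only issue, so the confidentiality and integrity metrics are worth confirming against the upstream advisory listed in `references`. The Workarounds paragraph also stops short of the practical step: since the text itself says release builds wrap, a sentence such as `Setting overflow-checks = true in the release profile turns the wrap into a panic` would tell users what to change until they can move to 1.11.1.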
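--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,153 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8jrv-wx83-w3xj",
+"modified": "2026-02-03T19:17:11Z",
+"published": "2026-02-03T12:30:29Z",
+"aliases": [
+"CVE-2025-67857"
+],
+"summary": "Moodle Inserts Sensitive Information Into Sent Data",
+"details": "A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "4.1.22"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.4.0-beta"
+},
+{
+"fixed": "4.4.12"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.5.0-beta"
+},
+{
+"fixed": "4.5.8"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "5.0.0-beta"
+},
+{
+"fixed": "5.0.4"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "5.1.0-beta"
+},
+{
+"fixed": "5.1.1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67857"
+},
+{
+"type": "WEB",
+"url": "https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6"
+},
+{
+"type": "WEB",
+"url": "https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2025-67857"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/moodle/moodle"
+},
+{
+"type": "WEB",
+"url": "https://moodle.org/mod/forum/discuss.php?d=471307"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-201"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2026-02-03T19:17:11Z",
+"nvd_published_at": "2026-02-03T11:15:56Z"
+}
+}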
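Review bot: The `affected` ranges leave every release from 4.1.22 up to (but not including) 4.4.0-beta outside any range, so a scanner matching an install on the 4.2 or 4.3 branch against this record will report it as not affected. Nothing on the page shows that those branches received the fix; if they are unpatched end-of-life branches, the `fixed` event of the first range is what hides them. It is worth checking the Moodle announcement listed in `references` and, if those releases are vulnerable, adding a range for them that carries no `fixed` event (or a `last_affected` event instead). The same gap appears in the GHSA-hcm6-q6pc-xfhm record later in this commit, which uses identical ranges.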
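--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,149 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-hcm6-q6pc-xfhm",
+"modified": "2026-02-03T19:16:52Z",
+"published": "2026-02-03T12:30:29Z",
+"aliases": [
+"CVE-2025-67856"
+],
+"summary": "Moodle has an authorization logic flaw",
+"details": "A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "4.1.22"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.4.0-beta"
+},
+{
+"fixed": "4.4.12"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.5.0-beta"
+},
+{
+"fixed": "4.5.8"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "5.0.0-beta"
+},
+{
+"fixed": "5.0.4"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "5.1.0-beta"
+},
+{
+"fixed": "5.1.1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67856"
+},
+{
+"type": "WEB",
+"url": "https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2025-67856"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423864"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/moodle/moodle"
+},
+{
+"type": "WEB",
+"url": "https://moodle.org/mod/forum/discuss.php?d=471306"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-863"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2026-02-03T19:16:52Z",
+"nvd_published_at": "2026-02-03T11:15:55Z"
+}
+}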
