Is vmm-sys-util affected by CVE-2023-50711?

crates.io vmm-sys-util is affected in >=0.5.0 <0.12.0.

Is CVE-2023-50711 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

medium

CVE-2023-50711

Q: Is CVE-2023-50711 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

crates.io · vmm-sys-util

Summary

`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

Severity: medium
EPSS: 0.7% (p46)
Also known as: GHSA-875g-mfp6-g7f9, RUSTSEC-2024-0002
Published: 2024-01-02

References

https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9
https://nvd.nist.gov/vuln/detail/CVE-2023-50711
https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.