cvedb.io
CVE-2023-28448
MEDIUM · CVSS 5.7
EPSS exploitation probability: 0%
Published 2023-03-24T20:15:15.613 · Last modified 2026-06-17T05:47:45.653

Summary

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.

Affected products

versionize_project — versionize

Does this affect you?

Add your gear to cvedb and we'll alert you only when versionize_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.