{"containers":{"cna":{"affected":[{"product":"tremor-runtime","vendor":"tremor-rs","versions":[{"status":"affected","version":"> 0.7.2, < 0.11.6"}]}],"descriptions":[{"lang":"en","value":"Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416: Use After Free","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-825","description":"CWE-825: Expired Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-09-17T14:00:14.000Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/tremor-rs/tremor-runtime/security/advisories/GHSA-mc22-5q92-8v85"},{"tags":["x_refsource_MISC"],"url":"https://github.com/tremor-rs/tremor-runtime/pull/1217"},{"tags":["x_refsource_MISC"],"url":"https://github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e"},{"tags":["x_refsource_MISC"],"url":"https://github.com/tremor-rs/tremor-runtime/releases/tag/v0.11.6"}],"source":{"advisory":"GHSA-mc22-5q92-8v85","discovery":"UNKNOWN"},"title":"Memory Safety Issue when using patch or merge on state and assign the result back to state","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2021-39228","STATE":"PUBLIC","TITLE":"Memory Safety Issue when using patch or merge on state and assign the result back to state"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"tremor-runtime","version":{"version_data":[{"version_value":"> 0.7.2, < 0.11.6"}]}}]},"vendor_name":"tremor-rs"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416: Use After Free"}]},{"description":[{"lang":"eng","value":"CWE-825: Expired Pointer Dereference"}]}]},"references":{"reference_data":[{"name":"https://github.com/tremor-rs/tremor-runtime/security/advisories/GHSA-mc22-5q92-8v85","refsource":"CONFIRM","url":"https://github.com/tremor-rs/tremor-runtime/security/advisories/GHSA-mc22-5q92-8v85"},{"name":"https://github.com/tremor-rs/tremor-runtime/pull/1217","refsource":"MISC","url":"https://github.com/tremor-rs/tremor-runtime/pull/1217"},{"name":"https://github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e","refsource":"MISC","url":"https://github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e"},{"name":"https://github.com/tremor-rs/tremor-runtime/releases/tag/v0.11.6","refsource":"MISC","url":"https://github.com/tremor-rs/tremor-runtime/releases/tag/v0.11.6"}]},"source":{"advisory":"GHSA-mc22-5q92-8v85","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T01:58:18.328Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/tremor-rs/tremor-runtime/security/advisories/GHSA-mc22-5q92-8v85"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/tremor-rs/tremor-runtime/pull/1217"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/tremor-rs/tremor-runtime/releases/tag/v0.11.6"}]}]},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2021-39228","datePublished":"2021-09-17T14:00:15.000Z","dateReserved":"2021-08-16T00:00:00.000Z","dateUpdated":"2024-08-04T01:58:18.328Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}