How Mayhem Helped Uncover a Security Vulnerability in RustOS (CVE-2022-36086)
ForAllSecure
DECEMBER 1, 2022
Earlier this year, I reported a security vulnerability in Rust’s linked-list-allocator to the RustOS Dev team, which was assigned CVE-2022-36086. This library is designed for use in embedded and bootloader contexts, where we don't have the standard library's Vec or Box for dynamic memory. CVE-2022-36086. The Target.
Let's personalize your content