Intel

AIKIDO-2026-286955

peroxide is vulnerable to Out-of-Bounds Write

Out-of-Bounds Write Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

59

Medium Risk

This Affects:

RUSTperoxide
0.14.0 - 0.41.2
Fixed in 0.42.0
Are you affected? Scan for Free

TL;DR

The Matrix and ComplexMatrix types in peroxide expose their data, row, and col fields publicly, and the internal unsafe code that backs matrix operations trusts these fields without checking that the buffer length matches row * col. Safe code can construct a matrix whose data length disagrees with its dimensions, and operations that reach the raw-pointer, BLAS, and index-arithmetic paths then read and write past the end of the heap buffer. This makes heap out-of-bounds reads and writes reachable without any unsafe in user code, allowing memory corruption and disclosure of adjacent heap memory. The fix makes the fields crate-private and adds a length assertion in the matrix and cmatrix constructors so the invariant can no longer be broken from outside the crate.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your code sets the public matrix fields to values where the buffer length does not match the row and column counts.

Background info

peroxide is vulnerable to Out-of-Bounds Write in versions 0.14.0 - 0.41.2.

How to fix this

Upgrade the peroxide library to the patch version.