From 59207d0d65096f56a941d306ef8f39d5e04fd6ab Mon Sep 17 00:00:00 2001
From: Yewan Na <135602531+nyw0102@users.noreply.github.com>
Date: Mon, 3 Mar 2025 23:01:53 +0900
Subject: [PATCH 1/3] Create RUSTSEC-0000-0000.md

---
 crates/xmas-elf/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/xmas-elf/RUSTSEC-0000-0000.md

diff --git a/crates/xmas-elf/RUSTSEC-0000-0000.md b/crates/xmas-elf/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..402571ede
--- /dev/null
+++ b/crates/xmas-elf/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "xmas-elf"
+date = "2025-03-03"
+url = "https://github.com/nrc/xmas-elf/issues/86"
+categories = ["memory-corruption"]
+
+[affected]
+functions = { "xmas_elf::hash::HashTable::get_bucket" = ["*"] }
+
+[versions]
+patched = []
+```
+# Stack-buffer-overflow in HashTable Struct
+In this case, the "get_bucket" method within the HashTable struct uses the unsafe keyword to access memory with assert function protection.
+However, it is still vulnerable because "bucket_count" which stands for the size of hashtable and offset value of the hashtable can be manipulated by users. 
+When "bucket_count" is set bigger value than first_bucket's actual length, it can lead to invalid memory access which violates Rust’s memory safety guarantees. 
+Also, as hash.rs is public module, it can be used externally, which means that it is an actual vulnerability.

From c47a9d8cdfb3983afd94bfe29c219536cd8fa188 Mon Sep 17 00:00:00 2001
From: Yewan Na <135602531+nyw0102@users.noreply.github.com>
Date: Sat, 22 Mar 2025 14:14:51 +0900
Subject: [PATCH 2/3] Update RUSTSEC-0000-0000.md

---
 crates/xmas-elf/RUSTSEC-0000-0000.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crates/xmas-elf/RUSTSEC-0000-0000.md b/crates/xmas-elf/RUSTSEC-0000-0000.md
index 402571ede..6851dd5d2 100644
--- a/crates/xmas-elf/RUSTSEC-0000-0000.md
+++ b/crates/xmas-elf/RUSTSEC-0000-0000.md
@@ -7,13 +7,14 @@ url = "https://github.com/nrc/xmas-elf/issues/86"
 categories = ["memory-corruption"]
 
 [affected]
-functions = { "xmas_elf::hash::HashTable::get_bucket" = ["*"] }
+functions = { "xmas_elf::hash::HashTable::get_bucket" = ["<0.10"] }
 
 [versions]
-patched = []
+patched = [>=0.10]
 ```
 # Stack-buffer-overflow in HashTable Struct
 In this case, the "get_bucket" method within the HashTable struct uses the unsafe keyword to access memory with assert function protection.
+A maliciously crafted ELF file can present an invalid SectionData HashTable that causes xmas-elf to access memory out of bounds
 However, it is still vulnerable because "bucket_count" which stands for the size of hashtable and offset value of the hashtable can be manipulated by users. 
 When "bucket_count" is set bigger value than first_bucket's actual length, it can lead to invalid memory access which violates Rust’s memory safety guarantees. 
 Also, as hash.rs is public module, it can be used externally, which means that it is an actual vulnerability.

From ccad69e12d1b2a9a50ffc0fc88fa6b1c0232f48a Mon Sep 17 00:00:00 2001
From: Yewan Na <135602531+nyw0102@users.noreply.github.com>
Date: Sat, 22 Mar 2025 14:27:32 +0900
Subject: [PATCH 3/3] Update RUSTSEC-0000-0000.md

---
 crates/xmas-elf/RUSTSEC-0000-0000.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/xmas-elf/RUSTSEC-0000-0000.md b/crates/xmas-elf/RUSTSEC-0000-0000.md
index 6851dd5d2..0068ded07 100644
--- a/crates/xmas-elf/RUSTSEC-0000-0000.md
+++ b/crates/xmas-elf/RUSTSEC-0000-0000.md
@@ -10,7 +10,7 @@ categories = ["memory-corruption"]
 functions = { "xmas_elf::hash::HashTable::get_bucket" = ["<0.10"] }
 
 [versions]
-patched = [>=0.10]
+patched = [">=0.10"]
 ```
 # Stack-buffer-overflow in HashTable Struct
 In this case, the "get_bucket" method within the HashTable struct uses the unsafe keyword to access memory with assert function protection.