Dbn heap buffer overflow (#2097)

* Report Heap Buffer Overflow in dbn

* Report Heap Buffer Overflow in dbn

* Drop unrecognized field

---------

Co-authored-by: ydongyeon <[email protected]>
Co-authored-by: Sergey "Shnatsel" Davidoff <[email protected]>

Author: 3 people

crates/dbn/RUSTSEC-0000-0000.md

@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "dbn"
+date = "2024-10-07"
+url = "https://github.com/databento/dbn/issues/67"
+categories = ["memory-corruption"]
+keywords = ["Heap-Buffer-Overflow"]
+
+[versions]
+patched = ["> 0.22.0"]
+```
+# Heap Buffer overflow using c_chars_to_str function
+The `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated.
+
+If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.
+