OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 16:24:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix typos in RUSTSEC-2023-0033 (#1685)

Browse Source 
* Fix typos in RUSTSEC-2023-0033.md

* Update RUSTSEC-2023-0033.md
This commit is contained in:
Max Ammann
2023-04-13 13:43:33 -04:00
committed by GitHub
parent f2f107fb96
commit 23ff35f825
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
crates/borsh/RUSTSEC-2023-0033.md
View File

@@ -15,8 +15,11 @@ patched = []
# Parsing borsh messages with ZST which are not-copy/clone is unsound
Affected versions of borsh cause undefined behaviour when zero-sized-types (ZST) are parsed and the Copy/Clone traits are not implemented/derived.
For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy (this can be achieved through a a singleton),
then accessing/writing to deserialized data will cause a segmentation fault.
Affected versions of borsh cause undefined behavior when zero-sized-types (ZST)
are parsed and the Copy/Clone traits are not implemented/derived.
For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy
(this can be achieved through a singleton), then accessing/writing to deserialized
data will cause a segmentation fault.
There is currently no way for borsh to read data without also providing a Rust type. Therefore, it there are not ZST used for serialization, then you are not affected by this issue.
There is currently no way for borsh to read data without also providing a Rust type.
Therefore, if not ZST are used for serialization, then you are not affected by this issue.