23
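--- /dev/null
+++ b/crates/rgb/RUSTSEC-0000-0000.toml
@@ -0,0 +1,23 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rgb"
+date = "2020-10-14"
+title = "Allows viewing and modifying arbitrary structs as bytes"
+url = "https://github.com/kornelski/rust-rgb/issues/35"
+informational = "unsound"
+keywords = ["type confusion"]
+description = """
+Affected versions of rgb crate allow viewing and modifying data of any type `T` wrapped in `RGB<T>` as bytes,
+and do not correctly constrain `RGB<T>` and other wrapper structures to the types for which it is safe to do so.
+
+Safety violation possible for a type wrapped in `RGB<T>` and similar wrapper structures:
+
+* If `T` contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory.
+* If `T` contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers.
+* Any safety and/or validity invariants for `T` may be violated.
+
+The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
+"""
+[versions]
+patched = [">= 0.8.20"]
+unaffected = ["< 0.5.4"]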
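Review bot: The `[versions]` table gives `unaffected = ["< 0.5.4"]` and `patched = [">= 0.8.20"]` without saying what changed in 0.5.4, so a reader cannot check the lower bound against the crate's history; the description only documents the fix in 0.8.20. A comment above the `unaffected` line naming the change that introduced the byte-view conversions would make the bound reviewable, e.g. `# <fill in: the 0.5.4 change that added the as-bytes conversions>`. The `id = "RUSTSEC-0000-0000"` placeholder presumably gets its real number on merge per the repository's convention, and the `@@ -0,0 +1,23 @@` header confirms this is a new file, so nothing else is outstanding. A blank line between the closing `"""` and `[versions]` would follow the file's own one-blank-line-between-tables layout, if the tooling does not insert one.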