Add advisory for rgb

This commit is contained in:
Sergey "Shnatsel" Davidoff
2020-08-14 18:22:30 +02:00
committed by GitHub
parent fdc3c78d2c
commit 5cc0589551


@@ -0,0 +1,21 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "rgb"
date = "2020-10-14"
title = "Allows viewing and modifying arbitrary structs as bytes"
url = "https://github.com/kornelski/rust-rgb/issues/35"
informational = "unsound"
keywords = ["type confusion"]
description = """
Affected versions of rgb crate allow viewing and modifying data any type `T` wrapped in `RGB<T>` as bytes,
and do not correctly constrain `RGB<T>` and other wrapper structures to the types for which it is safe to do so.
If a type containing madding is wrapped in `RGB<T>` and similar wrapper structures,
viewing it as bytes may lead to exposure of contents of uninitialized memory.
If a type containing a pointer is wrapped in `RGB<T>` and similar wrapper structures,
modifying it as bytes may lead to derefericing of arbitrary pointers.
"""
[versions]
patched = [">= 0.8.20"]
unaffected = ["< 0.5.4"]
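Review bot: The `date = "2020-10-14"` value on the fourth line of the hunk is two months after the commit's own date (2020-08-14), so it is most likely a typo; it should be checked against the date the linked issue was opened, since this field drives the advisory's reported timeline. The description also has two typos that obscure the actual unsoundness mechanism: `madding` should read `padding` (the exposure is of uninitialized padding bytes when such a type is viewed as bytes), and `derefericing` should be `dereferencing`, i.e. `If a type containing padding is wrapped in `RGB<T>` and similar wrapper structures,` and `modifying it as bytes may lead to dereferencing of arbitrary pointers.`. If the advisory schema in use supports a `categories` field, the two effects described (reading uninitialized memory, corrupting a pointer) map naturally onto memory-exposure and memory-corruption, which would make the entry easier to triage than the `keywords` list alone; this is an inferred suggestion, not something the hunk shows.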