OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 18:50:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added note about invariants, specified resolution

Browse Source
This commit is contained in:
Sergey "Shnatsel" Davidoff
2020-08-14 21:24:17 +02:00
committed by GitHub
parent a61e5b2ca6
commit 9611ff4c0e
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
crates/rgb/RUSTSEC-0000-0000.toml
View File

@@ -10,11 +10,13 @@ description = """
Affected versions of rgb crate allow viewing and modifying data of any type `T` wrapped in `RGB<T>` as bytes,
and do not correctly constrain `RGB<T>` and other wrapper structures to the types for which it is safe to do so.
If a type containing padding is wrapped in `RGB<T>` and similar wrapper structures,
viewing it as bytes may lead to exposure of contents of uninitialized memory.
Safety violation possible for a type wrapped in `RGB<T>` and similar wrapper structures:
If a type containing a pointer is wrapped in `RGB<T>` and similar wrapper structures,
modifying it as bytes may lead to dereferencing of arbitrary pointers.
* If `T` contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory.
* If `T` contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers.
* Any safety and/or validity invariants for `T` may be violated.
The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
"""
[versions]
patched = [">= 0.8.20"]