OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a47cd63007d20e5e0d58c4de945ac2e6b7cd70d0
advisory-db/crates/flatbuffers/RUSTSEC-2021-0122.md
github-actions[bot] 9e93a3df4a Assigned RUSTSEC-2021-0122 to flatbuffers (#1100) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-11-07 10:53:20 -07:00

818 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0122"
package = "flatbuffers"
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
date = "2021-10-31"
url = "https://github.com/google/flatbuffers/issues/6627"

[versions]
patched = []

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details.

All users that use generated code by flatbuffers compiler are recommended to:

  1. not expose flatbuffer generated code as part of their public APIs
  2. audit their code and look for any usage of follow, push, or any method that uses them (e.g. self_follow).
  3. Carefuly go through the crates' documentation to understand which "safe" APIs are not intended to be used.