OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b40bd2ae822ca05d84ef0bfad0fdd71a8a15883a
advisory-db/crates/net2/RUSTSEC-2020-0078.md
Alexis Mousset c2b1e4cab4 Update aliases from GHSA OSV export (#1727)
2023-07-08 14:30:19 +02:00

25 lines
971 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2020-0078"
package = "net2"
date = "2020-11-07"
url = "https://github.com/deprecrated/net2-rs/issues/105"
keywords = ["memory", "layout", "cast"]
informational = "unsound"
aliases = ["CVE-2020-35919", "CVE-2020-35920", "GHSA-458v-4hrf-g3m4", "GHSA-c79c-gwph-gqfm"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
[versions]
patched = [">= 0.2.36"]
```
# `net2` invalidly assumes the memory layout of std::net::SocketAddr
The [`net2`](https://crates.io/crates/net2) crate has assumed `std::net::SocketAddrV4`
and `std::net::SocketAddrV6` have the same memory layout as the system C representation
`sockaddr`. It has simply casted the pointers to convert the socket addresses to the
system representation. The standard library does not say anything about the memory
layout, and this will cause invalid memory access if the standard library
changes the implementation. No warnings or errors will be emitted once the
change happens.
Reference in New Issue View Git Blame Copy Permalink