GHSA-c439-chv8-8g2j

Source

https://github.com/advisories/GHSA-c439-chv8-8g2j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c439-chv8-8g2j/GHSA-c439-chv8-8g2j.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c439-chv8-8g2j

Aliases

RUSTSEC-2022-0052

Published

2022-09-02T22:29:41Z

Modified

2023-11-08T04:18:12.374709Z

Summary

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

Details

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation.

These layout were changed into idiomatic rust types in nightly std. Starting from rustc 1.64 the affected versions of this crate will have undefined behaviour.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-02T22:29:41Z"
}

References

Affected packages

crates.io / os_socketaddr

Package

Name: os_socketaddr; View open source insights on deps.dev
Purl: pkg:cargo/os_socketaddr

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.2