GHSA-c439-chv8-8g2j

Source
https://github.com/advisories/GHSA-c439-chv8-8g2j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c439-chv8-8g2j/GHSA-c439-chv8-8g2j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c439-chv8-8g2j
Aliases
Published
2022-09-02T22:29:41Z
Modified
2023-11-08T04:18:12.374709Z
Summary
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
Details

The `os_socketaddr` crate assumed that `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It simply cast the pointers to convert the socket addresses to the system representation.

These layouts were changed into idiomatic Rust types in nightly std. Starting from rustc 1.64, the affected versions of this crate will have undefined behaviour.
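
A layout-independent conversion, as an added example (not code from `os_socketaddr` or from the advisory): the C structs are declared locally with `#[repr(C)]` and filled through std's public accessors instead of a pointer cast. The struct names, `CSockaddr`, `to_c`, `from_c` and the Linux `AF_INET`/`AF_INET6` values are assumptions made for illustration.

```rust
use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6};

// Assumption: Linux address-family values and struct layouts.
pub const AF_INET: u16 = 2;
pub const AF_INET6: u16 = 10;

#[repr(C)] // layout fixed by this declaration, not by std internals
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct SockaddrIn { pub sin_family: u16, pub sin_port: u16, pub sin_addr: [u8; 4], pub sin_zero: [u8; 8] }

#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct SockaddrIn6 { pub sin6_family: u16, pub sin6_port: u16, pub sin6_flowinfo: u32, pub sin6_addr: [u8; 16], pub sin6_scope_id: u32 }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CSockaddr { V4(SockaddrIn), V6(SockaddrIn6) }

/// Build the C representation field by field through std's public accessors.
pub fn to_c(addr: &SocketAddr) -> CSockaddr {
    match addr {
        SocketAddr::V4(a) => CSockaddr::V4(SockaddrIn {
            sin_family: AF_INET,
            sin_port: a.port().to_be(), // network byte order
            sin_addr: a.ip().octets(),  // already in network order
            sin_zero: [0; 8],
        }),
        SocketAddr::V6(a) => CSockaddr::V6(SockaddrIn6 {
            sin6_family: AF_INET6,
            sin6_port: a.port().to_be(),
            sin6_flowinfo: a.flowinfo(),
            sin6_addr: a.ip().octets(),
            sin6_scope_id: a.scope_id(),
        }),
    }
}

/// Convert back, rejecting a family tag that does not match the variant.
pub fn from_c(c: &CSockaddr) -> Option<SocketAddr> {
    match c {
        CSockaddr::V4(s) if s.sin_family == AF_INET => Some(SocketAddr::V4(
            SocketAddrV4::new(Ipv4Addr::from(s.sin_addr), u16::from_be(s.sin_port)))),
        CSockaddr::V6(s) if s.sin6_family == AF_INET6 => Some(SocketAddr::V6(SocketAddrV6::new(
            Ipv6Addr::from(s.sin6_addr), u16::from_be(s.sin6_port), s.sin6_flowinfo, s.sin6_scope_id))),
        _ => None,
    }
}

fn main() {
    let addr: SocketAddr = "192.0.2.7:8080".parse().unwrap(); // constructed sample
    println!("{:?} -> {:?}", addr, to_c(&addr));
}
```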

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-02T22:29:41Z"
}
References

Affected packages

crates.io / os_socketaddr

Package

Name
os_socketaddr
Purl
pkg:cargo/os_socketaddr

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.2