GHSA-qxjq-v4wf-ppvh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qxjq-v4wf-ppvh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qxjq-v4wf-ppvh/GHSA-qxjq-v4wf-ppvh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qxjq-v4wf-ppvh
- Aliases
-
- CVE-2020-35903
- RUSTSEC-2020-0050
- Published
- 2021-08-25T20:49:47Z
- Modified
- 2023-11-08T04:03:38.488178Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Out of bounds read in dync
- Details
-
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access.
The issue was resolved in v0.5.0 by replacing data being stored by Vec<u8> with a custom managed pointer. Elements are now stored and retrieved using types with proper alignment corresponding to original types.
- Database specific
{ "nvd_published_at": "2020-12-31T09:15:00Z", "cwe_ids": [ "CWE-125" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-19T20:50:45Z" }- References
Affected packages
crates.io / dync
Package
- Name
- dync
- View open source insights on deps.dev
- Purl
- pkg:cargo/dync