GHSA-r24f-hg58-vfrw

Source
https://github.com/advisories/GHSA-r24f-hg58-vfrw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-r24f-hg58-vfrw/GHSA-r24f-hg58-vfrw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r24f-hg58-vfrw
Published
2023-12-21T18:14:34Z
Modified
2024-02-10T16:26:48.773264Z
Summary
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Details

Affected versions allocate memory using the alignment of usize and write data of type u64 to it, without using core::ptr::write_unaligned. On platforms with sub-64-bit alignment for usize (including wasm32 and x86), these writes are insufficiently aligned some of the time.

With an ordinary optimized standard library, the bug is Undefined Behavior, so the program may or may not behave sensibly, depending on optimization settings, hardware, and other factors. With a Rust standard library built with debug assertions enabled, the bug manifests deterministically as a crash (non-unwinding panic) saying "ptr::write requires that the pointer argument is aligned and non-null".

No 64-bit platform is impacted by the bug.

The flaw was corrected by allocating with adequately high alignment on all platforms.
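The alignment mismatch and both remedies named above, as an added example (not code from unsafe-libyaml). The names `USIZE_ALIGN_32BIT`, `guarantees_u64`, `adequate_align` and `store_at_skew` are hypothetical, and the 4-byte usize alignment is an assumed value for a 32-bit target so the case can be reproduced on a 64-bit host.

```rust
use std::alloc::{alloc, dealloc, Layout};
use std::mem::{align_of, size_of};
use std::ptr;

// Assumed value: alignment of usize on a 32-bit target such as wasm32.
const USIZE_ALIGN_32BIT: usize = 4;

/// Does an allocation requested with `align` guarantee a valid `*mut u64`?
fn guarantees_u64(align: usize) -> bool {
    align >= align_of::<u64>()
}

/// Alignment request that is adequate for both usize and u64 on any platform.
fn adequate_align() -> usize {
    align_of::<usize>().max(align_of::<u64>())
}

fn is_aligned_for_u64(p: *const u8) -> bool {
    (p as usize) % align_of::<u64>() == 0
}

/// Returns (pointer was u64-aligned, value read back).
/// `skew` offsets the pointer inside an over-aligned buffer, reproducing
/// deterministically an address that a 4-byte-aligned allocation may have.
fn store_at_skew(skew: usize, value: u64) -> (bool, u64) {
    let layout = Layout::from_size_align(size_of::<u64>() + 8, adequate_align()).unwrap();
    unsafe {
        let base = alloc(layout);
        assert!(!base.is_null());
        let p = base.add(skew);
        let aligned = is_aligned_for_u64(p);
        // ptr::write(p as *mut u64, value) would be UB when `aligned` is false.
        ptr::write_unaligned(p as *mut u64, value);
        let back = ptr::read_unaligned(p as *const u64);
        dealloc(base, layout);
        (aligned, back)
    }
}

fn main() {
    println!("usize-aligned (32-bit) allocation safe for u64: {}",
             guarantees_u64(USIZE_ALIGN_32BIT));
    println!("adequate alignment on this host: {}", adequate_align());
    println!("skew 4: {:?}", store_at_skew(USIZE_ALIGN_32BIT, 0xDEAD_BEEF_0123_4567));
}
```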

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-21T18:14:34Z"
}

Affected packages

crates.io / unsafe-libyaml

Package

Name
unsafe-libyaml
Purl
pkg:cargo/unsafe-libyaml

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.10