RUSTSEC-2020-0050

Source
https://rustsec.org/advisories/RUSTSEC-2020-0050
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0050.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0050
Aliases
Published
2020-09-27T12:00:00Z
Modified
2023-11-08T04:03:38.488178Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
VecCopy allows misaligned access to elements
Details

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access.

The issue was resolved in v0.5.0 by replacing data being stored by Vec<u8> with a custom managed pointer. Elements are now stored and retrieved using types with proper alignment corresponding to original types.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / dync

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.5.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "informational": "unsound",
    "categories": []
}