RUSTSEC-2020-0050

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0050

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0050.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0050

Aliases

CVE-2020-35903
GHSA-qxjq-v4wf-ppvh

Published

2020-09-27T12:00:00Z

Modified

2023-11-08T04:03:38.488178Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

VecCopy allows misaligned access to elements

Details

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access.

The issue was resolved in v0.5.0 by replacing data being stored by Vec<u8> with a custom managed pointer. Elements are now stored and retrieved using types with proper alignment corresponding to original types.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / dync

Package

Name: dync; View open source insights on deps.dev
Purl: pkg:cargo/dync

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.5.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "informational": "unsound",
    "categories": []
}