RUSTSEC-2023-0047

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0047

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0047.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0047

Aliases

GHSA-f9g6-fp84-fv92

Published

2023-06-26T12:00:00Z

Modified

2023-11-08T04:18:55.242781Z

Summary

impl `FromMdbValue` for bool is unsound

Details

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of reproducing the bug were included in url above.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / lmdb-rs

Package

Name: lmdb-rs; View open source insights on deps.dev
Purl: pkg:cargo/lmdb-rs

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}