RUSTSEC-2023-0075

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0075

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0075.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0075

Aliases

GHSA-r24f-hg58-vfrw

Published

2023-12-20T12:00:00Z

Modified

2024-02-10T16:26:48.773264Z

Summary

Unaligned write of u64 on 32-bit and 16-bit platforms

Details

Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time.

If using an ordinary optimized standard library, the bug exhibits Undefined Behavior so may or may not behave in any sensible way, depending on optimization settings and hardware and other things. If using a Rust standard library built with debug assertions enabled, the bug manifests deterministically in a crash (non-unwinding panic) saying "ptr::write requires that the pointer argument is aligned and non-null".

No 64-bit platform is impacted by the bug.

The flaw was corrected by allocating with adequately high alignment on all platforms.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / unsafe-libyaml

Package

Name: unsafe-libyaml; View open source insights on deps.dev
Purl: pkg:cargo/unsafe-libyaml

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.2.10

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}