RUSTSEC-2018-0013

Vec-to-vec transmutations could lead to heap overflow/corruption

Issued
Package
safe-transmute (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
Patched
  • >=0.10.1
Unaffected
  • <0.4.0
Keywords
  • memory-corruption

Description

Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor, which could lead to memory corruption or data leakage.

The flaw was corrected by using the constructor correctly.

More