- Reported
-
- Issued
-
- Package
-
traitobject
(crates.io)
- Type
-
INFO
Unsound
- Categories
-
- Aliases
-
- References
-
- CVSS Score
- 9.8
CRITICAL
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Patched
-
no patched versions
- Affected Functions
- Version
traitobject::data-
traitobject::data_mut-
Description
This crate gets the data pointer from fat pointers assuming that the first
element in a fat pointer is the data pointer. This is currently true, but
it may change in a future Rust version, leading to memory corruption.
This has been fixed in the master branch of the crate, but is has not
been released into crates.io.
Advisory available under CC0-1.0
license.