
RUSTSEC-2020-0029

Allows viewing and modifying arbitrary structs as bytes

Reported
Issued
Package
rgb (crates.io)
Type
INFO Unsound
Keywords
#type-confusion
Aliases
References
CVSS Score
9.1 CRITICAL
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Patched
  • >=0.8.20
Unaffected
  • <0.5.4

Description

Affected versions of the rgb crate allow viewing and modifying the data of any type T wrapped in RGB<T> as bytes, and do not correctly constrain RGB<T> and the other wrapper structures to the types for which doing so is safe.

Safety violation possible for a type wrapped in RGB<T> and similar wrapper structures:

The issue was resolved by requiring all types wrapped in structures provided by the rgb crate to implement an unsafe marker trait.
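The marker-trait constraint the fix describes, as an added example that is not the rgb crate's own code: the `Rgb` struct, the `Pod` trait name and the chosen implementors are assumptions made for illustration.

```rust
// Added example, not the rgb crate's own code: a minimal RGB<T> wrapper that
// exposes its contents as bytes, constrained the way the advisory's fix describes.
use std::mem::size_of;

/// Marker trait: implementing it asserts that T has no padding and that every
/// byte pattern is a valid T, so viewing T as bytes (and writing them back) is
/// sound. It is `unsafe` because the compiler cannot check that promise.
pub unsafe trait Pod: Copy {}
unsafe impl Pod for u8 {}
unsafe impl Pod for u16 {}
unsafe impl Pod for f32 {}
// Deliberately NOT implemented for bool, references, Box, enums, ...: writing
// arbitrary bytes into those would break their validity invariants.

#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Rgb<T> { pub r: T, pub g: T, pub b: T }

impl<T: Pod> Rgb<T> {
    pub fn as_bytes(&self) -> &[u8] {
        // Sound: T: Pod rules out padding and invalid bit patterns, and
        // #[repr(C)] with three fields of one type adds no padding either.
        unsafe { std::slice::from_raw_parts(self as *const Self as *const u8, size_of::<Self>()) }
    }
    pub fn as_bytes_mut(&mut self) -> &mut [u8] {
        unsafe { std::slice::from_raw_parts_mut(self as *mut Self as *mut u8, size_of::<Self>()) }
    }
}

/// Overwrites the red channel through the byte view and returns the pixel.
pub fn patch_pixel() -> Rgb<u16> {
    let mut px = Rgb { r: 0x0102u16, g: 0x0304, b: 0x0506 };
    px.as_bytes_mut()[..2].copy_from_slice(&0xFFFFu16.to_ne_bytes());
    px
}

// Without the `T: Pod` bound the unsound version compiles for any T and lets a
// caller write a byte such as 0x02 into a bool. With the bound it is rejected:
// let px = Rgb { r: true, g: false, b: true };
// let _ = px.as_bytes(); // error[E0277]: the trait bound `bool: Pod` is not satisfied

fn main() {
    let px = Rgb { r: 1u8, g: 2, b: 3 };
    println!("{:?} -> {:?}", px, px.as_bytes());
}
```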

Advisory available under CC0-1.0 license.