RUSTSEC-2020-0029
Allows viewing and modifying arbitrary structs as bytes
- Reported
- Issued
- Package
- rgb (crates.io)
- Type
- INFO Unsound
- Keywords
- #type-confusion
- Aliases
- References
- CVSS Score
- 9.1 CRITICAL
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- None
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Patched
-
>=0.8.20
- Unaffected
-
<0.5.4
Description
Affected versions of rgb crate allow viewing and modifying data of any type T
wrapped in RGB<T>
as bytes,
and do not correctly constrain RGB<T>
and other wrapper structures to the types for which it is safe to do so.
Safety violation possible for a type wrapped in RGB<T>
and similar wrapper structures:
- If
T
contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory. - If
T
contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers. - Any safety and/or validity invariants for
T
may be violated.
The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
Advisory available under CC0-1.0 license.