Reported

September 3, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

obstack (crates.io)

Type

INFO Unsound

Aliases

• CVE-2020-35894
• GHSA-85j6-f8j6-q26x

References

• https://github.com/petertodd/rust-obstack/issues/4

CVSS Score

7.5 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

High

Availability Impact

None

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Patched

• >=0.1.4

Description

Obstack generates unaligned references for types that require a large alignment.

Advisory available under CC0-1.0 license.