HistoryEdit

RUSTSEC-2020-0050

VecCopy allows misaligned access to elements

Issued
Package
dync (crates.io)
Type
INFO Unsound
Aliases
Details
https://github.com/elrnv/dync/issues/4
CVSS Score
5.5 MEDIUM
CVSS Details
Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.5.0

Description

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access.

The issue was resolved in v0.5.0 by replacing data being stored by Vec<u8> with a custom managed pointer. Elements are now stored and retrieved using types with proper alignment corresponding to original types.