Reported

July 30, 2021

Issued

September 9, 2021 (last modified: September 10, 2021)

Package

molecule (crates.io)

Type

Vulnerability

Aliases

• GHSA-82hm-vh7g-hrh9

Details

https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9

Patched

• >=0.7.2

Description

Anyone who uses total_size(..) function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.