Reported

July 30, 2021

Issued

September 9, 2021 (last modified: June 13, 2023)

Package

molecule (crates.io)

Type

Vulnerability

Aliases

• CVE-2021-45697
• GHSA-6p3c-v8vc-c244
• GHSA-82hm-vh7g-hrh9

References

• https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9

Patched

• >=0.7.2

Description

Anyone who uses total_size(..) function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release.

Advisory available under CC0-1.0 license.