RUSTSEC-2022-0092

rmp-serde Raw and RawRef unsound

Reported

April 13, 2022

Issued

March 22, 2023

Package

rmp-serde (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Details

https://github.com/3Hren/msgpack-rust/issues/305

Patched

>=1.1.1

Description

It was found that Raw::from_utf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash.