RUSTSEC-2023-0015

Ascii allows out-of-bounds array indexing in safe code

Reported

February 25, 2023

Issued

February 25, 2023 (last modified: June 13, 2023)

Package

ascii (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Keywords

#ascii

Aliases

GHSA-mrrw-grhq-86gf

References

https://github.com/tomprogrammer/rust-ascii/issues/64

Patched

>=0.9.3

Unaffected

<=0.6.0

Description

Affected version of this crate had implementation of From<&mut AsciiStr> for &mut [u8] and &mut str. This can result in out-of-bounds array indexing in safe code.

The flaw was corrected in commit 8a6c779 by removing those impls.

Advisory available under CC0-1.0 license.