Reported

June 15, 2023

Issued

June 22, 2023 (last modified: July 8, 2023)

Package

cyfs-base (crates.io)

Type

INFO Unsound

Keywords

#alignment #unsound

Aliases

• GHSA-g753-ghr7-q33w

References

• https://github.com/buckyos/CYFS/issues/275

Patched

no patched versions

Description

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function.

Advisory available under CC0-1.0 license.