Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01dndjLXI0OGctd2o2Y80fhw

Abomonation transmutes &T to and from &[u8] without sufficient constraints

An issue was discovered in the abomonation crate through version 0.7.3 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.

Permalink: https://github.com/advisories/GHSA-5vwc-r48g-wj6c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01dndjLXI0OGctd2o2Y80fhw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-5vwc-r48g-wj6c, CVE-2021-45708
References: Repository: https://github.com/TimelyDataflow/abomonation
Blast Radius: 19.0

Affected Packages

cargo:abomonation
Dependent packages: 21
Dependent repositories: 342
Downloads: 824,584 total
Affected Version Ranges: <= 0.7.3
No known fixed version
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.5.0, 0.7.0, 0.7.1, 0.7.2, 0.7.3