Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

This advisory is also published as RUSTSEC-2023-0074.

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut.

See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.

The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.

Permalink: https://github.com/advisories/GHSA-3mv5-343c-w2qg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 5 months ago
Updated: 5 months ago

Identifiers: GHSA-3mv5-343c-w2qg
References:

• https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg
• https://github.com/google/zerocopy/issues/679
• https://github.com/google/zerocopy/issues/716
• https://rustsec.org/advisories/RUSTSEC-2023-0074.html
• https://github.com/advisories/GHSA-3mv5-343c-w2qg

Repository: https://github.com/google/zerocopy
Blast Radius: 0.0

Affected Packages