Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13bTh4LXBocDUtaHZxNs4AAx-c

Maligned causes incorrect deallocation

maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec<T>.

GlobalAlloc::dealloc requires that the layout argument be the same layout that was used to allocate that block of memory.

When they deallocate, Box and Vec may not respect the specified alignment, which can cause undefined behavior.
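The layout mismatch described above, and one way to avoid it, as an added example that is not code from maligned or from the advisory. AlignedBuf and vec_dealloc_layout are hypothetical names; the owner type records the Layout it allocated with and passes that same Layout to dealloc, instead of handing the pointer to Vec::from_raw_parts.

```rust
use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
use std::mem::{align_of, size_of};
use std::ptr::NonNull;

/// Hypothetical wrapper (not maligned's API): owns `len` values of `T` at
/// alignment `align` and remembers the exact Layout it was allocated with.
pub struct AlignedBuf<T: Copy> {
    ptr: NonNull<T>,
    len: usize,
    layout: Layout,
}

impl<T: Copy> AlignedBuf<T> {
    pub fn new(len: usize, align: usize, fill: T) -> Self {
        assert!(len > 0 && size_of::<T>() > 0 && align >= align_of::<T>());
        // Size of [T; len], alignment raised to `align` (must be a power of two).
        let layout = Layout::array::<T>(len).and_then(|l| l.align_to(align)).expect("bad layout");
        // SAFETY: the layout has non-zero size (checked above).
        let raw = unsafe { alloc(layout) } as *mut T;
        let ptr = NonNull::new(raw).unwrap_or_else(|| handle_alloc_error(layout));
        for i in 0..len {
            // SAFETY: i < len, so the write stays inside the allocation.
            unsafe { ptr.as_ptr().add(i).write(fill) };
        }
        AlignedBuf { ptr, len, layout }
    }
    pub fn as_slice(&self) -> &[T] {
        // SAFETY: all `len` elements were initialised in new().
        unsafe { std::slice::from_raw_parts(self.ptr.as_ptr(), self.len) }
    }
    pub fn layout(&self) -> Layout { self.layout }
}

impl<T: Copy> Drop for AlignedBuf<T> {
    fn drop(&mut self) {
        // SAFETY: same pointer and same Layout that alloc() received.
        unsafe { dealloc(self.ptr.as_ptr() as *mut u8, self.layout) };
    }
}

/// Layout a Vec<T> with capacity `cap` passes to dealloc: align_of::<T>() only.
pub fn vec_dealloc_layout<T>(cap: usize) -> Layout {
    Layout::array::<T>(cap).expect("capacity overflow")
}

fn main() {
    let buf = AlignedBuf::<u8>::new(64, 64, 0); // constructed sample: 64 bytes at 64-byte alignment
    println!("alloc: {:?}, Vec<u8> dealloc: {:?}", buf.layout(), vec_dealloc_layout::<u8>(64));
}
```

The two layouts have the same size but different alignment, which is exactly the condition GlobalAlloc::dealloc forbids.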

Permalink: https://github.com/advisories/GHSA-wm8x-php5-hvq6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bTh4LXBocDUtaHZxNs4AAx-c
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago


Identifiers: GHSA-wm8x-php5-hvq6
References: Repository: https://github.com/tylerhawkes/maligned
Blast Radius: 0.0

Affected Packages

cargo:maligned
Dependent packages: 2
Dependent repositories: 52
Downloads: 39,878 total
Affected Version Ranges: <= 0.2.1
No known fixed version
All affected versions: 0.0.0, 0.1.0, 0.2.0, 0.2.1