Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jNDM5LWNodjgtOGcyas4AAumV
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The `os_socketaddr` crate assumed that `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It simply cast the pointers to convert the socket addresses to the system representation.
These layouts were changed to idiomatic Rust types in nightly std. Starting from rustc 1.64, the affected versions of this crate will have undefined behaviour.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNDM5LWNodjgtOGcyas4AAumV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-c439-chv8-8g2j
References:
- https://github.com/a-ba/os_socketaddr/issues/3
- https://github.com/rust-lang/rust/pull/78802
- https://github.com/a-ba/os_socketaddr/commit/1bc7f71d40de069727993a18fdada33eb0b4c94f
- https://rustsec.org/advisories/RUSTSEC-2022-0052.html
- https://github.com/advisories/GHSA-c439-chv8-8g2j
Blast Radius: 0.0
Affected Packages
cargo:os_socketaddr
Dependent packages: 14
Dependent repositories: 9
Downloads: 136,010 total
Affected Version Ranges: < 0.2.2
Fixed in: 0.2.2
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1
All unaffected versions: 0.2.2, 0.2.3, 0.2.4, 0.2.5