Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mOWc2LWZwODQtZnY5Ms4AA0zv
impl `FromMdbValue` for bool is unsound
The implementation of `FromMdbValue` has several unsoundness issues. First, it allows arbitrary bytes to be reinterpreted as a `bool`, which can cause undefined behavior from a safe function. Second, it allows transmuting a pointer without taking memory layout into consideration. The details of reproducing the bug are available here.
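A checked alternative to the two patterns described above, as an added example that is not lmdb-rs code: the `CheckedFromBytes` trait, its `decode` method and `DecodeError` are hypothetical names, and the byte slices are constructed sample values standing in for data read from a database.

```rust
use std::convert::TryInto;

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    WrongLength { expected: usize, got: usize },
    InvalidBool(u8),
}

/// Hypothetical fallible "value from stored bytes" trait (not the lmdb-rs API).
pub trait CheckedFromBytes: Sized {
    fn decode(raw: &[u8]) -> Result<Self, DecodeError>;
}

impl CheckedFromBytes for bool {
    fn decode(raw: &[u8]) -> Result<Self, DecodeError> {
        // A bool has exactly two valid bit patterns (0x00 and 0x01). Producing
        // any other byte as a `bool` is undefined behavior, so reject it here.
        match raw {
            [0] => Ok(false),
            [1] => Ok(true),
            [b] => Err(DecodeError::InvalidBool(*b)),
            _ => Err(DecodeError::WrongLength { expected: 1, got: raw.len() }),
        }
    }
}

impl CheckedFromBytes for u32 {
    fn decode(raw: &[u8]) -> Result<Self, DecodeError> {
        // Check the size, then copy the bytes out instead of casting the
        // pointer: a byte buffer carries no alignment guarantee for u32.
        let arr: [u8; 4] = raw.try_into().map_err(|_| DecodeError::WrongLength {
            expected: 4,
            got: raw.len(),
        })?;
        Ok(u32::from_ne_bytes(arr))
    }
}

fn main() {
    // Constructed sample inputs.
    println!("{:?}", bool::decode(&[1]));
    println!("{:?}", bool::decode(&[2]));
    println!("{:?}", u32::decode(&[1, 0, 0]));
}
```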
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOWc2LWZwODQtZnY5Ms4AA0zv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-f9g6-fp84-fv92
References:
- https://github.com/vhbit/lmdb-rs/issues/67
- https://rustsec.org/advisories/RUSTSEC-2023-0047.html
- https://github.com/advisories/GHSA-f9g6-fp84-fv92
Blast Radius: 0.0
Affected Packages
cargo:lmdb-rs
Dependent packages: 4
Dependent repositories: 4
Downloads: 416,990 total
Affected Version Ranges: <= 0.7.6
No known fixed version
All affected versions: 0.0.7, 0.0.8, 0.1.0, 0.1.1, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.3.2, 0.3.3, 0.3.4, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6