Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nNzUzLWdocjctcTMzd84AAz_4
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNzUzLWdocjctcTMzd84AAz_4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 11 months ago
Identifiers: GHSA-g753-ghr7-q33w
References:
- https://github.com/buckyos/CYFS/issues/275
- https://github.com/buckyos/CYFS/commit/e030188895096fd8d91d48753877729f4d37dd24
- https://rustsec.org/advisories/RUSTSEC-2023-0046.html
- https://github.com/advisories/GHSA-g753-ghr7-q33w
Blast Radius: 0.0
Affected Packages
cargo:cyfs-base
Dependent packages: 15Dependent repositories: 2
Downloads: 11,386 total
Affected Version Ranges: <= 0.6.12
No known fixed version
All affected versions: 0.1.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12