Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

  1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB).
  2. Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to undefinted behavior (UB).
Permalink: https://github.com/advisories/GHSA-gfgm-chr3-x6px
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago


Identifiers: GHSA-gfgm-chr3-x6px
References: Repository: https://github.com/phsym/prettytable-rs

Affected Packages

cargo:prettytable-rs
Dependent packages: 433
Dependent repositories: 1,706
Downloads: 7,401,147 total
Affected Version Ranges: < 0.10.0
Fixed in: 0.10.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.8.0, 0.9.0
All unaffected versions: 0.10.0