Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:
- To guarantee the size is correct, we have to first do
Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB). - Even if (1) is sound,
&Vec<T>and&[T]still might not have the same layout. Treating them equally may lead to undefinted behavior (UB).
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-gfgm-chr3-x6px
References:
- https://github.com/phsym/prettytable-rs/issues/145
- https://rustsec.org/advisories/RUSTSEC-2022-0074.html
- https://github.com/advisories/GHSA-gfgm-chr3-x6px
Blast Radius: 0.0
Affected Packages
cargo:prettytable-rs
Dependent packages: 485Dependent repositories: 1,706
Downloads: 9,777,371 total
Affected Version Ranges: < 0.10.0
Fixed in: 0.10.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.8.0, 0.9.0
All unaffected versions: 0.10.0