Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ

Users vulnerable to unaligned read of `*const *const c_char` pointer

Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior.

In some build modes, this is observable as a panic followed by an abort. In other build modes the UB may manifest in some other way, including appearing to work correctly on some architectures.

The crate is not currently maintained, so a patched version is not available.
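The class of bug described above, shown with its safe counterpart, as an added example that is not code from the `users` crate or from this advisory: a NULL-terminated array of C string pointers is read through `ptr::read_unaligned`, which has no alignment requirement, instead of a plain dereference. The function names, the buffer layout and the strings `alice` and `bob` are constructed for illustration.

```rust
use std::ffi::{CStr, CString};
use std::mem::align_of;
use std::os::raw::c_char;
use std::ptr;

/// Collect a NULL-terminated array of C strings whose pointer slots may be
/// misaligned. A plain `*cur` needs `cur` aligned for `*const c_char` and is
/// undefined behavior otherwise; `read_unaligned` has no such requirement.
///
/// # Safety
/// `list` must point to readable pointer-sized slots ending in a NULL slot,
/// and every non-NULL slot must hold a valid NUL-terminated string.
unsafe fn collect_strings(list: *const *const c_char) -> Vec<String> {
    let mut out = Vec::new();
    let mut cur = list;
    loop {
        let entry = unsafe { ptr::read_unaligned(cur) };
        if entry.is_null() {
            return out;
        }
        out.push(unsafe { CStr::from_ptr(entry) }.to_string_lossy().into_owned());
        cur = unsafe { cur.add(1) }; // pointer arithmetic itself needs no alignment
    }
}

/// Constructed input: a pointer array placed one byte past an aligned base.
fn demo() -> (bool, Vec<String>) {
    let names = [CString::new("alice").unwrap(), CString::new("bob").unwrap()];
    let mut backing = vec![0u64; 8]; // 64 bytes, 8-byte aligned storage
    let list = unsafe { (backing.as_mut_ptr() as *mut u8).add(1) } as *mut *const c_char;
    unsafe {
        for (i, name) in names.iter().enumerate() {
            ptr::write_unaligned(list.add(i), name.as_ptr());
        }
        ptr::write_unaligned(list.add(names.len()), ptr::null());
    }
    let misaligned = (list as usize) % align_of::<*const c_char>() != 0;
    let got = unsafe { collect_strings(list as *const *const c_char) };
    (misaligned, got)
}

fn main() {
    let (misaligned, got) = demo();
    println!("misaligned={misaligned} strings={got:?}");
}
```

When auditing similar FFI code, look for `*ptr` or `ptr.read()` on pointers derived from byte buffers or packed C structures; those are the places where alignment is not guaranteed.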

Recommended alternatives

Permalink: https://github.com/advisories/GHSA-jcr6-4frq-9gjj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 8 months ago


Identifiers: GHSA-jcr6-4frq-9gjj
References: Repository: https://github.com/ogham/rust-users
Blast Radius: 0.0

Affected Packages

cargo:users
Dependent packages: 197
Dependent repositories: 1,167
Downloads: 7,159,650 total
Affected Version Ranges: <= 0.11.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0