Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZodjQtZngzdi03N3c2

High EPSS: 0.00353% (0.56631 Percentile) EPSS:
Permalink JSON

quinn invalidly assumes the memory layout of std::net::SocketAddr

Affected Packages Affected Versions Fixed Versions
cargo:quinn >= 0.6.0, < 0.6.2, < 0.5.4 0.6.2, 0.5.4
146 Dependent packages
1,193 Dependent repositories
58,502,027 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1

All unaffected versions

0.5.4, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.11.7, 0.11.8

The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.

References:

Identifiers

GHSA-fhv4-fx3v-77w6

CVE-2021-28036

Risk

Severity

High

EPSS

EPSS Percentage: 0.00353

EPSS Percentile: 0.56631

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/quinn-rs/quinn

Date and time

Published

almost 4 years ago

Updated

about 2 years ago

API

JSON