Lucene search
GoogleOSV:RUSTSEC-2020-0029HistoryJun 14, 2020 - 12:00 p.m.
Allows viewing and modifying arbitrary structs as bytes
2020-06-1412:00:00
Google
osv.dev
6
EPSS
0.002
Percentile
61.9%
Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB<T> as bytes,
and do not correctly constrain RGB<T> and other wrapper structures to the types for which it is safe to do so.
Safety violation possible for a type wrapped in RGB<T> and similar wrapper structures:
- If
Tcontains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory. - If
Tcontains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers. - Any safety and/or validity invariants for
Tmay be violated.
The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
Related
github
github
Out of bounds access in rgb
2021-08-25 20:45:12
debiancve
debiancve
CVE-2020-25016
2020-08-29 16:15:09
prion
prion
Information disclosure
2020-08-29 16:15:00
rustsec
rustsec
Allows viewing and modifying arbitrary structs as bytes
2020-06-14 12:00:00
nvd
nvd
CVE-2020-25016
2020-08-29 16:15:09
cvelist
cvelist
CVE-2020-25016
2020-08-29 15:05:00
osv
osv
Out of bounds access in rgb
2021-08-25 20:45:12
cve
cve
CVE-2020-25016
2020-08-29 16:15:09
ubuntucve
ubuntucve
CVE-2020-25016
2020-08-29 00:00:00