EUVD-2022-0545

Malicious code in bioql PyPI...

GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Use of a Broken or Risky Cryptographic Algorithm in crypto2

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Mozilla Rust has an unspecified vulnerability (CNVD-2022-03129)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A security vulnerability exists in versions of Rust crypto2 crate prior to 2021-10-08, which stems from a possible unaligned read of u32 during Chacha20 encryption and decryption. No details of the vulnerability...

Design/Logic Flaw

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...