EUVD-2022-0545

Malicious code in bioql PyPI...

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

aes-keywrap-rs (>=0.1.0 <=0.2.0), shadowsocks (>=1.10.0 <=1.12.3) +1 more potentially affected by CVE-2021-45709 via crypto2 (=0.1.2)

crypto2 CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on crypto2 and may be impacted: - aes-keywrap-rs =0.1.0, =1.10.0, =0.1.0, =0.2.5 Source cves: CVE-2021-45709 Source advisory: OSV:GHSA-PMCV-MGCF-RVXG...

GHSA-9HFG-PXR6-Q4VP Use of a Broken or Risky Cryptographic Algorithm in crypto2

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

aes-keywrap-rs (>=0.1.0 <=0.2.0), shadowsocks (>=1.10.0 <=1.12.3) +1 more potentially affected by CVE-2021-45709 via crypto2 (=0.1.2)

crypto2 CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on crypto2 and may be impacted: - aes-keywrap-rs =0.1.0, =1.10.0, =0.1.0, =0.2.5 Source cves: CVE-2021-45709 Source advisory: OSV:GHSA-9HFG-PXR6-Q4VP...

Mozilla Rust has an unspecified vulnerability (CNVD-2022-03129)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A security vulnerability exists in versions of Rust crypto2 crate prior to 2021-10-08, which stems from a possible unaligned read of u32 during Chacha20 encryption and decryption. No details of the vulnerability...

CVE-2021-45709

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...

Design/Logic Flaw

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...

CVE-2021-45709

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur...

CVE-2021-45709

CVE-2021-45709 affects the crypto2 crate for Rust up to 2021-10-08, where during ChaCha20 encryption/decryption an unaligned read of a u32 may occur. Related sources (OSV/GHSA/RUSTSEC) describe the root cause as incorrect assumptions about 4-byte alignment in an unsafe slice::from_raw_parts_mut c...

RUSTSEC-2021-0121 Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

aes-keywrap-rs (>=0.1.0 <=0.2.0), shadowsocks (>=1.10.0 <=1.12.3) +1 more potentially affected by CVE-2021-45709 via crypto2 (=0.1.2)

crypto2 CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on crypto2 and may be impacted: - aes-keywrap-rs =0.1.0, =1.10.0, =0.1.0, =0.2.5 Source cves: CVE-2021-45709 Source advisory: OSV:RUSTSEC-2021-0121...

PT-2021-24283 · Crypto2 · Crypto2

Name of the Vulnerable Software and Affected Versions: crypto2 crate through 2021-10-08 for Rust Description: An issue was discovered in the crypto2 crate that affects Chacha20 encryption and decryption. The implementation does not enforce alignment requirements on input slices, incorrectly...