4 matches found
CVE-2019-25004
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...
arrow (>=0.14.0 <=0.15.1), blockbuffers (=0.1.0) +12 more potentially affected by CVE-2019-25004 via flatbuffers (>=0.4.0 <=0.5.0)
flatbuffers CARGO version =0.4.0, =0.14.0, =0.1.8, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =0.2.0, =3.0.0, =1.0.0, =1.1.2, =1.2.0, =1.3.2 Source cves: CVE-2019-25004 Source advisory: OSV:GHSA-GX73-2498-R55C...
CVE-2019-25004
CVE-2019-25004 affects the Rust crate flatbuffers prior to 0.6.1. The root cause is an implementation of impl Follow for bool that allows arbitrary bytes to be reinterpreted as a bool, defeating soundness. This could enable a remote attacker to bypass security restrictions by sending specially cr...
arrow (>=0.14.0 <=0.15.1), blockbuffers (=0.1.0) +12 more potentially affected by CVE-2019-25004 via flatbuffers (>=0.4.0 <=0.5.0)
flatbuffers CARGO version =0.4.0, =0.14.0, =0.1.8, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =0.2.0, =3.0.0, =1.0.0, =1.1.2, =1.2.0, =1.3.2 Source cves: CVE-2019-25004 Source advisory: OSV:RUSTSEC-2019-0028...