2 matches found
CVE-2021-45709
CVE-2021-45709 affects the crypto2 crate for Rust up to 2021-10-08, where during ChaCha20 encryption/decryption an unaligned read of a u32 may occur. Related sources (OSV/GHSA/RUSTSEC) describe the root cause as incorrect assumptions about 4-byte alignment in an unsafe slice::from_raw_parts_mut c...
aes-keywrap-rs (>=0.1.0 <=0.2.0), shadowsocks (>=1.10.0 <=1.12.3) +1 more potentially affected by CVE-2021-45709 via crypto2 (=0.1.2)
crypto2 CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on crypto2 and may be impacted: - aes-keywrap-rs =0.1.0, =1.10.0, =0.1.0, =0.2.5 Source cves: CVE-2021-45709 Source advisory: OSV:RUSTSEC-2021-0121...