4 matches found
GHSA-H7H7-6MX3-R89V Fyrox has unsound usages of `Vec::from_raw_parts`
The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...
PT-2025-7252 · Fyrox · Fyrox
Name of the Vulnerable Software and Affected Versions: Fyrox versions prior to the latest version on the master branch Description: The issue arises from the transmute vec as bytes API, which incorrectly assumes that any generic type T has a stable layout. This can lead to uninitialized memory...
Unsound usages of `Vec::from_raw_parts`
The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...
PT-2024-41060 · Fyrox · Fyrox
Name of the Vulnerable Software and Affected Versions: Fyrox versions prior to the latest version on the master branch Description: The issue arises from the transmute vec as bytes API, which incorrectly assumes that any generic type T has a stable layout. This can lead to uninitialized memory...