2 matches found
rcc-solana (=0.1.0) potentially affected by unknown CVE via spl-token-swap (=3.0.0)
spl-token-swap CARGO version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on spl-token-swap and may be impacted: - rcc-solana =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-H6XM-C6R4-VMWF...
GHSA-H6XM-C6R4-VMWF Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...