7 matches found
EUVD-2025-4901
Malicious code in bioql PyPI...
Unsound usages of `Vec::from_raw_parts`
The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...
Maligned causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
RUSTSEC-2023-0017 `maligned::align_first` causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
`maligned::align_first` causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
Heap overflow or corruption in safe-transmute
Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage...
Vec-to-vec transmutations could lead to heap overflow/corruption
Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage. The flaw was corrected by using the constructor correctly...