4 matches found
GHSA-74R5-G7VC-J2V2 zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
ayaka-model (=0.2.0), ayaka-runtime (=0.2.0) +16 more potentially affected by unknown CVE via zerovec-derive (>=0.6.0 <=0.8.0)
zerovec-derive CARGO version =0.6.0, =0.6.0, =1.0.0-beta1 - icuproviderblob =1.0.0-beta1 - icusegmenter =1.0.0-alpha1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-74R5-G7VC-J2V2...
ayaka-model (=0.2.0), ayaka-runtime (=0.2.0) +16 more potentially affected by unknown CVE via zerovec-derive (>=0.6.0 <=0.8.0)
zerovec-derive CARGO version =0.6.0, =0.6.0, =1.0.0-beta1 - icuproviderblob =1.0.0-beta1 - icusegmenter =1.0.0-alpha1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0346...