Описание
Generated code can read and write out of bounds in safe code
Code generated by flatbuffers' compiler is unsafe but not marked as such.
See https://github.com/google/flatbuffers/issues/6627 for details.
All users that use generated code by flatbuffers compiler are recommended to:
- not expose flatbuffer generated code as part of their public APIs
- audit their code and look for any usage of
follow,push, or any method that uses them (e.g.self_follow). - Carefuly go through the crates' documentation to understand which "safe" APIs are not intended to be used.
Пакеты
Наименование
flatbuffers
rust
Затронутые версииВерсия исправления
< 22.9.29
22.9.29
9.8 Critical
CVSS3
9.8 Critical
CVSS3