Описание
Use of a Broken or Risky Cryptographic Algorithm in crypto2
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior.
This affects Chacha20 encryption and decryption in crypto2.
Пакеты
Наименование
crypto2
rust
Затронутые версииВерсия исправления
<= 0.1.2
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.