Description
Unsound casting in flatbuffers
The impl Follow for bool implementation allows arbitrary bytes to be reinterpreted as a bool.
In Rust, bool has stringent requirements for its in-memory representation. Using this function makes it possible to violate these requirements and invoke undefined behaviour from safe code.
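The following added example (not code from the flatbuffers crate or from this advisory) shows two sound ways to decode a bool from an untrusted buffer byte without reinterpreting it. The helper names `read_bool_strict` and `read_bool_lenient`, the `BoolError` type and the sample buffer are assumptions made for illustration.

```rust
// Added example, not flatbuffers code. All names here are hypothetical.

/// Why a byte could not be decoded as a bool.
#[derive(Debug, PartialEq)]
pub enum BoolError {
    OutOfBounds { loc: usize },
    InvalidByte { loc: usize, value: u8 },
}

/// Strict decode: only 0x00 and 0x01 are accepted, the two bit patterns
/// Rust permits for a `bool`. Anything else is reported, not trusted.
pub fn read_bool_strict(buf: &[u8], loc: usize) -> Result<bool, BoolError> {
    match buf.get(loc).copied() {
        None => Err(BoolError::OutOfBounds { loc }),
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(value) => Err(BoolError::InvalidByte { loc, value }),
    }
}

/// Lenient decode: any non-zero byte is `true`. The comparison produces a
/// fresh, valid `bool`; the input byte itself is never reinterpreted.
pub fn read_bool_lenient(buf: &[u8], loc: usize) -> Option<bool> {
    buf.get(loc).map(|&b| b != 0)
}

// The kind of cast the advisory warns about, shown only as a comment
// (illustrative, not the crate's exact source):
//     unsafe { *(buf.as_ptr().add(loc) as *const bool) }
// For a byte such as 0x02 this yields an invalid `bool`, which is
// undefined behaviour even though the caller wrote no `unsafe`.

fn main() {
    // Constructed sample buffer: valid false, valid true, two invalid bytes.
    let buf = [0x00u8, 0x01, 0x02, 0xff];
    for loc in 0..=buf.len() {
        println!(
            "{}: strict={:?} lenient={:?}",
            loc,
            read_bool_strict(&buf, loc),
            read_bool_lenient(&buf, loc)
        );
    }
}
```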
Packages
Name: flatbuffers (rust)
Affected versions: >= 0.4.0, < 0.6.1
Fixed version: 0.6.1
Related vulnerabilities
CVSS3: 9.8
nvd
about 5 years ago
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.