Описание
Soundness issue in raw-cpuid
VendorInfo::as_string(), SoCVendorBrand::as_string(), and ExtendedFunctionInfo::processor_brand_string() construct byte slices using std::slice::from_raw_parts(), with data coming from #[repr(Rust)] structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs #[repr(C)].
Пакеты
Наименование
raw-cpuid
rust
Затронутые версииВерсия исправления
< 9.0.0
9.0.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 5 лет назад
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.