Описание
Optional Deserialize implementations lacking validation
When activating the non-default feature serialize, most structs implement
serde::Deserialize without sufficient validation. This allows breaking
invariants in safe code, leading to:
- Undefined behavior in
as_string()methods (which usestd::str::from_utf8_unchecked()internally). - Panics due to failed assertions.
Пакеты
Наименование
raw-cpuid
rust
Затронутые версииВерсия исправления
>= 3.1.0, < 9.1.1
9.1.1