Описание
Out of bounds read in dync
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access.
The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with proper alignment corresponding to original types.
Пакеты
Наименование
dync
rust
Затронутые версииВерсия исправления
< 0.5.0
0.5.0
Связанные уязвимости
CVSS3: 5.5
nvd
около 5 лет назад
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.