Skip to content

cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`

Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 22, 2023

Package

cargo cyfs-base (Rust)

Affected versions

<= 0.6.12

Patched versions

None

Description

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function.

References

Published to the GitHub Advisory Database Jun 22, 2023
Reviewed Jun 22, 2023
Last updated Jun 22, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-g753-ghr7-q33w

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.