rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ac125ee29a3b934fc00f52bf56031dc837e9384d
advisory-db/crates/rgb/RUSTSEC-2020-0029.md
Tony Arcieri ac125ee29a Translate database into V3 advisory format (#420) 
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
2020-10-01 18:29:11 -07:00

1.0 KiB
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0029"
package = "rgb"
aliases = ["CVE-2020-25016"]
date = "2020-06-14"
informational = "unsound"
keywords = ["type confusion"]
url = "https://github.com/kornelski/rust-rgb/issues/35"

[versions]
patched = [">= 0.8.20"]
unaffected = ["< 0.5.4"]

Allows viewing and modifying arbitrary structs as bytes

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB<T> as bytes, and do not correctly constrain RGB<T> and other wrapper structures to the types for which it is safe to do so.

Safety violation possible for a type wrapped in RGB<T> and similar wrapper structures:

  • If T contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory.
  • If T contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers.
  • Any safety and/or validity invariants for T may be violated.

The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.