CVE-2021-45708 – abomonation

Package

Manager: cargo
Name: abomonation
Vulnerable Version: >=0 <=0.7.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00291 pctl0.52029

Details

Abomonation transmutes &T to and from &[u8] without sufficient constraints An issue was discovered in the abomonation crate through version 0.7.3 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.

Metadata

Created: 2022-01-06T22:08:22Z
Modified: 2023-06-13T16:03:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-5vwc-r48g-wj6c/GHSA-5vwc-r48g-wj6c.json
CWE IDs: ["CWE-668"]
Alternative ID: GHSA-5vwc-r48g-wj6c
Finding: F017
Auto approve: 1