GHSA-c439-chv8-8g2j os_socketaddr

Package

Manager: cargo
Name: os_socketaddr
Vulnerable Version: >=0 <0.2.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

EPSS: N/A (percentile: N/A)

Details

`os_socketaddr` invalidly assumes the memory layout of `std::net::SocketAddr`

The [`os_socketaddr`](https://crates.io/crates/os_socketaddr) crate assumed that `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It simply cast the pointers to convert socket addresses to the system representation. These layouts were [changed into idiomatic Rust types](https://github.com/rust-lang/rust/pull/78802) in nightly `std`. Starting from rustc 1.64, the affected versions of this crate will have undefined behaviour.
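One way to do the IPv4 conversion without depending on how `std` lays out its types, as an added example (not code from the `os_socketaddr` crate or from this advisory). It assumes the Linux layout of `sockaddr_in`, mirrored here in a locally defined struct; `SockaddrIn`, `to_sockaddr_in` and `from_sockaddr_in` are hypothetical names.

```rust
use std::net::{Ipv4Addr, SocketAddrV4};

/// Constructed mirror of the Linux C `struct sockaddr_in` (assumption: Linux
/// layout; real code would normally take this type from the `libc` crate).
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SockaddrIn {
    pub sin_family: u16,   // address family, host byte order
    pub sin_port: u16,     // port, network byte order
    pub sin_addr: u32,     // IPv4 address, network byte order
    pub sin_zero: [u8; 8], // padding up to sizeof(struct sockaddr)
}

pub const AF_INET: u16 = 2; // value on Linux

// The pattern the advisory describes, kept as a comment only:
//     let p = &addr as *const SocketAddrV4 as *const SockaddrIn;
// It is valid only if std stores SocketAddrV4 as a C sockaddr_in, which the
// standard library never guaranteed.

/// Build the C representation field by field from the public accessors.
pub fn to_sockaddr_in(addr: &SocketAddrV4) -> SockaddrIn {
    SockaddrIn {
        sin_family: AF_INET,
        sin_port: addr.port().to_be(),
        // octets() is already in network order; keep that order in memory
        sin_addr: u32::from_ne_bytes(addr.ip().octets()),
        sin_zero: [0; 8],
    }
}

/// Convert back, rejecting a struct that carries a different address family.
pub fn from_sockaddr_in(raw: &SockaddrIn) -> Option<SocketAddrV4> {
    if raw.sin_family != AF_INET {
        return None;
    }
    let ip = Ipv4Addr::from(raw.sin_addr.to_ne_bytes());
    Some(SocketAddrV4::new(ip, u16::from_be(raw.sin_port)))
}

fn main() {
    // Constructed sample address (documentation range 192.0.2.0/24)
    let addr = SocketAddrV4::new(Ipv4Addr::new(192, 0, 2, 10), 8080);
    let raw = to_sockaddr_in(&addr);
    println!("{:?} -> {:?}", addr, raw);
    assert_eq!(from_sockaddr_in(&raw), Some(addr));
}
```
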

Metadata

Created: 2022-09-02T22:29:41Z
Modified: 2022-09-02T22:29:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c439-chv8-8g2j/GHSA-c439-chv8-8g2j.json
CWE IDs: []
Alternative ID: N/A
Finding: F113
Auto approve: 1