GHSA-gfgm-chr3-x6px prettytable-rs

Package

Manager: cargo
Name: prettytable-rs
Vulnerable Version: >=0 <0.10.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

prettytable-rs: Force cast of a `&Vec<T>` to `&[T]` may lead to undefined behavior

In function `Table::as_ref`, a reference to a vector is force cast to a slice. There are multiple problems here:

1. To guarantee the size is correct, we have to first do `Vec::shrink_to_fit`. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB).
2. Even if (1) is sound, `&Vec<T>` and `&[T]` still might not have the same layout. Treating them equally may lead to undefined behavior (UB).
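The layout mismatch described above, and a conversion that avoids it, as an added example that is not code from prettytable-rs. `Table`, `TableView` and `view` are hypothetical names chosen for illustration; only safe Rust is used.

```rust
use std::mem::size_of;

// Hypothetical stand-in for the crate's table type; name and field are assumptions.
struct Table {
    rows: Vec<String>,
}

// Borrowed view that holds a real slice instead of a reinterpreted Vec.
struct TableView<'a> {
    rows: &'a [String],
}

impl Table {
    // Sound conversion: needs only `&self`, no shrink_to_fit, no pointer cast.
    // `as_slice` builds the (data pointer, length) pair from the Vec's own fields.
    fn view(&self) -> TableView<'_> {
        TableView { rows: self.rows.as_slice() }
    }
}

// Returns (size of `&Vec<T>`, size of `&[T]`) in bytes.
// `&Vec<T>` is a thin pointer to a Vec header whose field order is unspecified;
// `&[T]` is a fat pointer carrying the data pointer and the element count.
fn ref_sizes<T>() -> (usize, usize) {
    (size_of::<&Vec<T>>(), size_of::<&[T]>())
}

// Builds a table whose Vec has spare capacity, then views it safely.
// Returns (len, capacity, rows visible through the view).
fn spare_capacity_demo() -> (usize, usize, usize) {
    let mut rows = Vec::with_capacity(8);
    rows.extend(["a", "b", "c"].map(String::from));
    let table = Table { rows };
    let view = table.view();
    (table.rows.len(), table.rows.capacity(), view.rows.len())
}

fn main() {
    let (vec_ref, slice_ref) = ref_sizes::<String>();
    println!("&Vec<String>: {} bytes, &[String]: {} bytes", vec_ref, slice_ref);
    let (len, cap, seen) = spare_capacity_demo();
    println!("len={} capacity={} rows seen through view={}", len, cap, seen);
}
```

The view reports the correct row count even though capacity exceeds length, so the `shrink_to_fit` step and the immutable-to-mutable cast it required are unnecessary.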

Metadata

Created: 2022-12-30T17:48:30Z
Modified: 2022-12-30T17:48:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-gfgm-chr3-x6px/GHSA-gfgm-chr3-x6px.json
CWE IDs: []
Alternative ID: N/A
Finding: F113
Auto approve: 1