Common Weakness Enumeration

CWE-188

Allowed

Reliance on Data/Memory Layout

Abstraction: Base · Status: Draft

The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.

5 vulnerabilities reference this CWE, most recent first.

CVE-2026-21493 (GCVE-0-2026-21493)

Vulnerability from cvelistv5 – Published: 2026-01-06 14:11 – Updated: 2026-01-06 14:33
VLAI
Title
iccDEV has Type Confusion during XML Curve Serialization
Summary
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-188 - Reliance on Data/Memory Layout
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21493",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:32:26.415966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T14:33:17.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-188",
              "description": "CWE-188: Reliance on Data/Memory Layout",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T14:11:27.054Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/358",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/358"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f"
        }
      ],
      "source": {
        "advisory": "GHSA-p85g-f9q7-jmjx",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Type Confusion during XML Curve Serialization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21493",
    "datePublished": "2026-01-06T14:11:27.054Z",
    "dateReserved": "2025-12-29T14:34:16.006Z",
    "dateUpdated": "2026-01-06T14:33:17.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-458V-4HRF-G3M4

Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2024-02-12 15:55
VLAI
Summary
socket2 invalidly assumes the memory layout of std::net::SocketAddr
Details

The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "socket2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "net2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:53:58Z",
    "nvd_published_at": "2020-12-31T09:15:16Z",
    "severity": "MODERATE"
  },
  "details": "The socket2 crate has assumed `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.\n",
  "id": "GHSA-458v-4hrf-g3m4",
  "modified": "2024-02-12T15:55:27Z",
  "published": "2021-08-25T20:50:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35920"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deprecrated/net2-rs/issues/105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/socket2-rs/issues/119"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-lang/socket2-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0078.html"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0079.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "socket2 invalidly assumes the memory layout of std::net::SocketAddr"
}

GHSA-JRCF-4JP8-M28V

Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 18:42
VLAI
Summary
miow invalidly assumes the memory layout of std::net::SocketAddr
Details

The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "miow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.0"
            },
            {
              "fixed": "0.3.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:54:07Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.",
  "id": "GHSA-jrcf-4jp8-m28v",
  "modified": "2023-06-13T18:42:34Z",
  "published": "2021-08-25T20:50:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35921"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yoshuawuyts/miow/issues/38"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yoshuawuyts/miow/pull/39"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yoshuawuyts/miow/pull/40"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yoshuawuyts/miow"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0080.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "miow invalidly assumes the memory layout of std::net::SocketAddr"
}

GHSA-PF3P-X6QJ-6J7Q

Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 18:42
VLAI
Summary
mio invalidly assumes the memory layout of std::net::SocketAddr
Details

The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "mio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.7.0"
            },
            {
              "fixed": "0.7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:54:14Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.",
  "id": "GHSA-pf3p-x6qj-6j7q",
  "modified": "2023-06-13T18:42:58Z",
  "published": "2021-08-25T20:50:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35922"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/mio/issues/1386"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/mio/pull/1388"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/mio/commit/152e0751f0be1c9b0cbd6778645b76bcb0eba93c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tokio-rs/mio"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0081.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "mio invalidly assumes the memory layout of std::net::SocketAddr"
}

GHSA-Q8X8-JRHJ-FH9P

Vulnerability from github – Published: 2026-05-19 19:39 – Updated: 2026-05-19 19:39
VLAI
Summary
Diesel: Possible unaligned data access for implementations of `SqliteAggregate`
Details

Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface.

To store an instance of the custom aggregate processor Diesel relied on the sqlite3_aggregate_context function provided by sqlite. This function doesn't provide any guarantees about alignment of the returned allocation, which in turn can lead to problems if the type implementing requires a special alignment, e.g. via a custom #[align(x)] attribute on the type implementing this trait. This affects any user of SqliteAggregate that registers the custom aggregate function with an SQLite connection, while using a non-standard alignment on the type implementing this trait.

Mitigation

The preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.

Resolution

Diesel now allocates the corresponding memory on Rust side to get a correctly aligned allocation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "diesel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-19T19:39:37Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Diesel allows to register custom aggregate SQL functions for SQLite via the `SqliteAggregate` interface.\n\nTo store an instance of the custom aggregate processor Diesel relied on the `sqlite3_aggregate_context` function provided by sqlite. This function doesn\u0027t provide any guarantees about alignment of the returned allocation, which in turn can lead to problems if the type implementing requires a special alignment, e.g. via a custom `#[align(x)]` attribute on the type implementing this trait. This affects any user of `SqliteAggregate` that registers the custom aggregate function with an SQLite connection, while using a non-standard alignment on the type implementing this trait.\n\n## Mitigation\n\nThe preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.\n\n## Resolution\n\nDiesel now allocates the corresponding memory on Rust side to get a correctly aligned allocation.",
  "id": "GHSA-q8x8-jrhj-fh9p",
  "modified": "2026-05-19T19:39:38Z",
  "published": "2026-05-19T19:39:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/diesel-rs/diesel/pull/5042"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/diesel-rs/diesel"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0137.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Diesel: Possible unaligned data access for implementations of `SqliteAggregate`"
}

Mitigation
Implementation Architecture and Design

In flat address space situations, never allow computing memory addresses as offsets from another memory address.

Mitigation
Architecture and Design

Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).

Mitigation
Testing

Testing: Test that the implementation properly handles each case in the protocol grammar.

No CAPEC attack patterns related to this CWE.