rustsec-2023-0075
Vulnerability from osv_rustsec
Affected versions allocate memory using the alignment of usize and write data
to it of type u64, without using core::ptr::write_unaligned. In platforms
with sub-64bit alignment for usize (including wasm32 and x86) these writes
are insufficiently aligned some of the time.
If using an ordinary optimized standard library, the bug exhibits Undefined Behavior so may or may not behave in any sensible way, depending on optimization settings and hardware and other things. If using a Rust standard library built with debug assertions enabled, the bug manifests deterministically in a crash (non-unwinding panic) saying "ptr::write requires that the pointer argument is aligned and non-null".
No 64-bit platform is impacted by the bug.
The flaw was corrected by allocating with adequately high alignment on all platforms.
{
"affected": [
{
"database_specific": {
"categories": [],
"cvss": null,
"informational": "unsound"
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "unsafe-libyaml",
"purl": "pkg:cargo/unsafe-libyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.2.10"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"GHSA-r24f-hg58-vfrw"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "Affected versions allocate memory using the alignment of `usize` and write data\nto it of type `u64`, without using `core::ptr::write_unaligned`. In platforms\nwith sub-64bit alignment for `usize` (including wasm32 and x86) these writes\nare insufficiently aligned some of the time.\n\nIf using an ordinary optimized standard library, the bug exhibits Undefined\nBehavior so may or may not behave in any sensible way, depending on\noptimization settings and hardware and other things. If using a Rust standard\nlibrary built with debug assertions enabled, the bug manifests deterministically\nin a crash (non-unwinding panic) saying _\"ptr::write requires that the pointer\nargument is aligned and non-null\"_.\n\nNo 64-bit platform is impacted by the bug.\n\nThe flaw was corrected by allocating with adequately high alignment on all\nplatforms.",
"id": "RUSTSEC-2023-0075",
"modified": "2024-02-10T15:57:43Z",
"published": "2023-12-20T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/unsafe-libyaml"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0075.html"
},
{
"type": "REPORT",
"url": "https://github.com/dtolnay/unsafe-libyaml/issues/21"
}
],
"related": [],
"severity": [],
"summary": "Unaligned write of u64 on 32-bit and 16-bit platforms"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.