cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`

Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 22, 2023

Package

cargo cyfs-base (Rust)

Affected versions

<= 0.6.12

Patched versions

None

Description

The function `ChunkId::new` creates a misaligned pointer by casting a mutable pointer to a `u8` slice, which has alignment 1, to a mutable pointer to `u32`, which has alignment 4. It then dereferences the misaligned pointer, which is undefined behavior (UB) and should not be allowed in a safe function.
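The cast described above next to two sound replacements, as an added example that is not cyfs-base source code. All function names, the `Aligned` type and the sample values are hypothetical and constructed for illustration.

```rust
use std::mem::{align_of, size_of};

// Hypothetical stand-in for the advisory's pattern (NOT cyfs-base source):
// a safe signature hiding a `*mut u8` -> `*mut u32` cast. The dereference is
// UB whenever the slice does not start on a 4-byte boundary. Never called.
#[allow(dead_code)]
fn write_len_unsound(buf: &mut [u8], len: u32) {
    assert!(buf.len() >= size_of::<u32>());
    unsafe { *(buf.as_mut_ptr() as *mut u32) = len }
}

// Sound: no pointer cast; the bounds check comes from slice indexing.
fn write_len_bytes(buf: &mut [u8], len: u32) {
    buf[..size_of::<u32>()].copy_from_slice(&len.to_ne_bytes());
}

// Sound: keeps the raw pointer but uses a store with no alignment requirement.
fn write_len_unaligned(buf: &mut [u8], len: u32) {
    assert!(buf.len() >= size_of::<u32>());
    unsafe { (buf.as_mut_ptr() as *mut u32).write_unaligned(len) }
}

// Sound read-back through a properly aligned local array.
fn read_len(buf: &[u8]) -> u32 {
    let mut raw = [0u8; size_of::<u32>()];
    raw.copy_from_slice(&buf[..size_of::<u32>()]);
    u32::from_ne_bytes(raw)
}

fn is_u32_aligned(buf: &[u8]) -> bool {
    (buf.as_ptr() as usize) % align_of::<u32>() == 0
}

// Constructed input: 4-aligned storage, so a view starting at byte 1 is
// guaranteed to be misaligned for u32.
#[repr(align(4))]
struct Aligned([u8; 16]);

fn demo() -> (bool, bool, u32, u32) {
    let mut storage = Aligned([0u8; 16]);
    let base_aligned = is_u32_aligned(&storage.0);
    let odd = &mut storage.0[1..9];
    let odd_aligned = is_u32_aligned(odd);
    write_len_bytes(odd, 0xDEAD_BEEF);
    write_len_unaligned(&mut odd[4..], 0x0102_0304);
    (base_aligned, odd_aligned, read_len(odd), read_len(&odd[4..]))
}

fn main() { println!("{:?}", demo()); }
```

Both sound variants accept any `&mut [u8]` regardless of where it starts, which is the contract a safe function has to uphold.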

References

Published to the GitHub Advisory Database Jun 22, 2023
Reviewed Jun 22, 2023
Last updated Jun 22, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-g753-ghr7-q33w

Source code
