RUSTSEC-2023-0074: Vulnerability in zerocopy

Rust Crates.io Security Advisory



RUSTSEC-2023-0074

Some Ref methods are unsound with some type parameters



Package

zerocopy
(crates.io)

Type

Vulnerability

Keywords

#ref

#refcell

#mutable-aliasing

Patched
  • >=0.2.9, <0.3.0
  • >=0.3.2, <0.4.0
  • >=0.4.1, <0.5.0
  • >=0.5.2, <0.6.0
  • >=0.6.6, <0.7.0
  • >=0.7.31
Unaffected
  • <0.2.2
Affected Functions (affected version ranges)
zerocopy::Ref::into_mut
  • >=0.2.2, <0.2.9
  • >=0.3.0, <0.3.2
  • >=0.4.0, <0.4.1
  • >=0.5.0, <0.5.2
  • >=0.6.0, <0.6.6
  • >=0.7.0, <0.7.31
zerocopy::Ref::into_mut_slice
  • >=0.2.2, <0.2.9
  • >=0.3.0, <0.3.2
  • >=0.4.0, <0.4.1
  • >=0.5.0, <0.5.2
  • >=0.6.0, <0.6.6
  • >=0.7.0, <0.7.31
zerocopy::Ref::into_ref
  • >=0.2.2, <0.2.9
  • >=0.3.0, <0.3.2
  • >=0.4.0, <0.4.1
  • >=0.5.0, <0.5.2
  • >=0.6.0, <0.6.6
  • >=0.7.0, <0.7.31
zerocopy::Ref::into_slice
  • >=0.2.2, <0.2.9
  • >=0.3.0, <0.3.2
  • >=0.4.0, <0.4.1
  • >=0.5.0, <0.5.2
  • >=0.6.0, <0.6.6
  • >=0.7.0, <0.7.31

Description

The Ref methods into_ref, into_mut, into_slice, and into_mut_slice are unsound
and may allow safe code to exhibit undefined behavior when used with a Ref whose
B type parameter is cell::Ref or cell::RefMut. Note that these methods remain
sound when used with B types other than cell::Ref or cell::RefMut.

See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.

The current plan is to yank the affected versions soon. See
https://github.com/google/zerocopy/issues/679 for more detail.
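An added example (not zerocopy's own code) modelling the soundness point above: a consuming accessor like into_ref returns a reference with the lifetime of the underlying bytes, so when B is a RefCell guard the guard is dropped while that reference lives on, and a later borrow_mut aliases it. The toy ByteRef below restricts the consuming accessor to a hypothetical IntoByteSlice<'a> trait implemented only for plain slices (patterned on the fix), so a guard-backed wrapper only gets a borrowing accessor and the RefCell borrow is held until the bytes are no longer used. The names ByteRef, IntoByteSlice and first_u16_le_* are this example's own.

```rust
use std::cell::{Ref as CellRef, RefCell};
use std::ops::Deref;

/// Hypothetical trait (modelled on the fix): implemented only by types that
/// *are* a borrow of bytes for 'a. A RefCell guard deliberately does not
/// implement it: dropping the guard ends the borrow, so a reference that
/// outlived the guard could alias a later borrow_mut.
trait IntoByteSlice<'a>: Deref<Target = [u8]> {
    fn into_byte_slice(self) -> &'a [u8];
}

impl<'a> IntoByteSlice<'a> for &'a [u8] {
    fn into_byte_slice(self) -> &'a [u8] {
        self
    }
}

/// Toy stand-in for zerocopy's Ref<B, T>, specialised to T = [u8] (constructed here).
struct ByteRef<B>(B);

impl<B: Deref<Target = [u8]>> ByteRef<B> {
    /// Borrowing accessor: the result cannot outlive `self`, so a guard-backed
    /// wrapper holds its RefCell borrow for as long as the bytes are in use.
    fn bytes(&self) -> &[u8] {
        &self.0
    }
}

impl<'a, B: IntoByteSlice<'a>> ByteRef<B> {
    /// Consuming accessor, available only when B proves it is a plain 'a borrow.
    fn into_ref(self) -> &'a [u8] {
        self.0.into_byte_slice()
    }
}

/// B = &[u8]: consuming the wrapper is fine, the bytes outlive it anyway.
fn first_u16_le_from_slice(buf: &[u8]) -> u16 {
    let bytes = ByteRef(buf).into_ref();
    u16::from_le_bytes([bytes[0], bytes[1]])
}

/// B = cell::Ref<[u8]>: `ByteRef(guard).into_ref()` does not compile, so the
/// reference stays tied to the guard and the borrow is released only on drop.
fn first_u16_le_from_cell(cell: &RefCell<Vec<u8>>) -> u16 {
    let r = ByteRef(CellRef::map(cell.borrow(), |v| &v[..]));
    let bytes = r.bytes();
    u16::from_le_bytes([bytes[0], bytes[1]])
} // r (and with it the RefCell borrow) is dropped here, after the last use of `bytes`
```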

Advisory available under CC0-1.0 license.