
impl `FromMdbValue` for bool is unsound

Moderate severity GitHub Reviewed Published Jul 19, 2023 to the GitHub Advisory Database • Updated Jul 19, 2023

Package

cargo lmdb-rs (Rust)

Affected versions

<= 0.7.6

Patched versions

None

Description

The implementation of `FromMdbValue` has several unsoundness issues. First, it allows arbitrary bytes to be reinterpreted as a `bool`, so undefined behavior can be triggered from a safe function. Second, it allows a pointer to be transmuted without taking memory layout into consideration. The details of reproducing the bug are available here.
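The two issues described above can be avoided by validating stored bytes before building a typed value. The following is an added illustration, not code from lmdb-rs or from the advisory: `decode_bool`, `decode_u32` and `DecodeError` are hypothetical names, and it assumes the memory-layout concern covers the length and alignment of the stored bytes.

```rust
// Added illustration; these helpers are hypothetical and are not lmdb-rs APIs.
// The input is a byte slice as a key-value store would hand it back.
use std::convert::TryInto;

#[derive(Debug, PartialEq)]
enum DecodeError {
    WrongLength { expected: usize, got: usize },
    InvalidBool(u8),
}

/// A `bool` has exactly two valid bit patterns (0x00 and 0x01). Producing one
/// from any other byte is undefined behavior, so validate before constructing.
fn decode_bool(bytes: &[u8]) -> Result<bool, DecodeError> {
    match bytes {
        [0] => Ok(false),
        [1] => Ok(true),
        [other] => Err(DecodeError::InvalidBool(*other)),
        _ => Err(DecodeError::WrongLength { expected: 1, got: bytes.len() }),
    }
}

/// Casting `bytes.as_ptr()` to `*const u32` and dereferencing it assumes a
/// length and alignment that stored bytes do not guarantee. Copying through a
/// fixed-size array checks the length and has no alignment requirement.
fn decode_u32(bytes: &[u8]) -> Result<u32, DecodeError> {
    let arr: [u8; 4] = bytes.try_into().map_err(|_| DecodeError::WrongLength {
        expected: 4,
        got: bytes.len(),
    })?;
    Ok(u32::from_ne_bytes(arr))
}

fn main() {
    // Constructed sample: one padding byte, then a u32, so the integer starts
    // at an odd offset inside the buffer.
    let mut stored = vec![0xffu8];
    stored.extend_from_slice(&42u32.to_ne_bytes());

    println!("{:?}", decode_bool(&[1]));         // valid bool byte
    println!("{:?}", decode_bool(&[2]));         // rejected, no bool is built
    println!("{:?}", decode_u32(&stored[1..]));  // unaligned input is accepted
    println!("{:?}", decode_u32(&stored[..3]));  // short input is rejected
}
```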

References

Published to the GitHub Advisory Database Jul 19, 2023
Reviewed Jul 19, 2023
Last updated Jul 19, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-f9g6-fp84-fv92

Source code
