Non-aligned u32 read in Chacha20 encryption and decryption
High severity
GitHub Reviewed
Published to the GitHub Advisory Database: Jun 16, 2022
Reviewed: Jun 16, 2022
Last updated: Jun 13, 2023
Description
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2.
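The bug class described above, shown as an added example that is not crypto2's code: the unsound byte-to-u32 reinterpretation next to an alignment-independent replacement. All function names are hypothetical, and the keystream words are constructed values, not real ChaCha20 output.

```rust
// Added illustration. Function names are hypothetical and are not crypto2's API.

/// Unsound pattern of the kind the advisory describes. A `&mut [u8]` is only
/// guaranteed 1-byte alignment, so viewing it as `[u32]` breaks the safety
/// contract of `from_raw_parts_mut`. Kept for comparison; never called here.
#[allow(dead_code)]
unsafe fn xor_words_unsound(data: &mut [u8], keystream: &[u32]) {
    let ptr = data.as_mut_ptr() as *mut u32; // alignment of `ptr` is never checked
    let words = unsafe { std::slice::from_raw_parts_mut(ptr, data.len() / 4) };
    for (w, k) in words.iter_mut().zip(keystream) {
        *w ^= k.to_le();
    }
}

/// Sound version: each word goes through a byte array, so any alignment works.
pub fn xor_words(data: &mut [u8], keystream: &[u32]) {
    for (chunk, k) in data.chunks_exact_mut(4).zip(keystream) {
        let w = u32::from_le_bytes([chunk[0], chunk[1], chunk[2], chunk[3]]) ^ k;
        chunk.copy_from_slice(&w.to_le_bytes());
    }
}

/// Whether `bytes` starts on a 4-byte boundary (what the unsound code assumed).
pub fn is_u32_aligned(bytes: &[u8]) -> bool {
    bytes.as_ptr() as usize % std::mem::align_of::<u32>() == 0
}

/// Constructed input: the same 8 bytes processed at offsets 0 and 1 of a buffer.
/// Returns both outputs and whether each starting address was 4-byte aligned.
pub fn demo() -> ([u8; 8], [u8; 8], bool, bool) {
    let keystream = [0x0403_0201u32, 0x0807_0605]; // constructed sample words
    let msg = *b"ABCDEFGH";
    let mut buf = [0u8; 12];
    let (mut out0, mut out1) = ([0u8; 8], [0u8; 8]);
    buf[0..8].copy_from_slice(&msg);
    let a0 = is_u32_aligned(&buf[0..8]);
    xor_words(&mut buf[0..8], &keystream);
    out0.copy_from_slice(&buf[0..8]);
    buf[1..9].copy_from_slice(&msg);
    let a1 = is_u32_aligned(&buf[1..9]);
    xor_words(&mut buf[1..9], &keystream);
    out1.copy_from_slice(&buf[1..9]);
    (out0, out1, a0, a1)
}

fn main() {
    let (out0, out1, a0, a1) = demo();
    println!("{:02x?} {:02x?} aligned: {} {}", out0, out1, a0, a1);
}
```

Running the unsound variant under Miri on a slice like `&mut buf[1..9]` is one way to surface this class of bug in tests.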
References