Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::write_unaligned. In platforms with sub-64bit alignment for usize (including wasm32 and x86) these writes are insufficiently aligned some of the time.

If using an ordinary optimized standard library, the bug exhibits Undefined Behavior so may or may not behave in any sensible way, depending on optimization settings and hardware and other things. If using a Rust standard library built with debug assertions enabled, the bug manifests deterministically in a crash (non-unwinding panic) saying "ptr::write requires that the pointer argument is aligned and non-null".

No 64-bit platform is impacted by the bug.

The flaw was corrected by allocating with adequately high alignment on all
platforms.

References

• dtolnay/unsafe-libyaml#21
• dtolnay/unsafe-libyaml@7755559
• https://rustsec.org/advisories/RUSTSEC-2023-0075.html