memoffset allows reading uninitialized memory

Moderate severity GitHub Reviewed Published Jun 21, 2023 to the GitHub Advisory Database • Updated Jun 21, 2023

Package

cargo memoffset (Rust)

Affected versions

< 0.6.2

Patched versions

0.6.2

Description

memoffset allows an attempt to read data from address 0 as an arbitrary type. This is undefined behavior because the memory from address 0 to std::mem::size_of<T> may not hold a valid bit pattern for T. The old implementation dereferences uninitialized memory obtained from std::mem::align_of. An older implementation before that allows using uninitialized data obtained from std::mem::uninitialized with an arbitrary type, then computes the offset by taking the address of a field projection. This may also result in undefined behavior for a "father" that includes (directly or transitively) a type that does not allow being uninitialized.

This flaw was corrected by using std::ptr::addr_of in Gilnaa/memoffset#50.
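The difference between the pre-fix patterns and an addr_of-based offset computation, as an added example that is not memoffset's own code. The names Parent, field_offset! and parent_offsets are hypothetical, and the struct is a constructed sample.

```rust
use std::mem::MaybeUninit;
use std::num::NonZeroU32;
use std::ptr::addr_of;

// Constructed sample "father" type: every field except `tag` has bit patterns
// that are invalid (0 for NonZeroU32, anything but 0/1 for bool, null for &str),
// so a Parent value must never exist in an uninitialized state.
#[allow(dead_code)]
#[repr(C)]
struct Parent {
    tag: u8,
    id: NonZeroU32,
    flag: bool,
    name: &'static str,
}

// Pre-fix patterns named in the advisory, kept as comments because both are
// undefined behavior:
//   &(*(0 as *const Parent)).flag        // reference into memory at address 0
//   let p: Parent = std::mem::uninitialized();
//   &p.flag                              // Parent value that was never initialized

// Hypothetical macro (an assumption of this example): offset of a field
// computed from raw pointers only.
macro_rules! field_offset {
    ($ty:ty, $field:ident) => {{
        // Storage for a $ty without ever claiming a valid $ty lives there.
        let slot = MaybeUninit::<$ty>::uninit();
        let base: *const $ty = slot.as_ptr();
        // addr_of! yields the field address without creating a reference
        // and without reading the uninitialized bytes.
        let field = unsafe { addr_of!((*base).$field) };
        (field as usize) - (base as usize)
    }};
}

// Offsets of all four fields of the sample type, in declaration order.
fn parent_offsets() -> [usize; 4] {
    [
        field_offset!(Parent, tag),
        field_offset!(Parent, id),
        field_offset!(Parent, flag),
        field_offset!(Parent, name),
    ]
}

fn main() {
    println!("{:?}", parent_offsets());
}
```

Running this under Miri is a way to confirm that no uninitialized read or invalid reference occurs.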

References

Published to the GitHub Advisory Database Jun 21, 2023
Reviewed Jun 21, 2023
Last updated Jun 21, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-wfg4-322g-9vqv
