Skip to content

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

Low
joshlf published GHSA-3mv5-343c-w2qg Dec 14, 2023

Package

cargo zerocopy (Rust)

Affected versions

0.2.2 through 0.2.8
0.3.0 through 0.3.1
0.4.0
0.5.0
0.6.0 through 0.6.5
0.7.0 through 0.7.30

Patched versions

0.2.9
0.3.2
0.4.1
0.5.2
0.6.6
0.7.31

Description

This advisory is also published as RUSTSEC-2023-0074.

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut.

See #716 for a more in-depth analysis.

The current plan is to yank the affected versions soon. See #679 for more detail.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs