CVE-2021-38187: Incorrect cast in anymap

August 25, 2021

An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.

References

github.com/advisories/GHSA-hc92-9h3m-c39j
github.com/chris-morgan/anymap
github.com/chris-morgan/anymap/issues/37
nvd.nist.gov/vuln/detail/CVE-2021-38187
rustsec.org/advisories/RUSTSEC-2021-0065.html

Detect and mitigate CVE-2021-38187 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →