GHSA-c439-chv8-8g2j: `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

September 2, 2022

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation.

These layout were changed into idiomatic rust types in nightly std. Starting from rustc 1.64 the affected versions of this crate will have undefined behaviour.

References

github.com/a-ba/os_socketaddr
github.com/a-ba/os_socketaddr/commit/1bc7f71d40de069727993a18fdada33eb0b4c94f
github.com/a-ba/os_socketaddr/issues/3
github.com/advisories/GHSA-c439-chv8-8g2j
github.com/rust-lang/rust/pull/78802
rustsec.org/advisories/RUSTSEC-2022-0052.html

Detect and mitigate GHSA-c439-chv8-8g2j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →