CVE-2018-21000: Heap overflow or corruption in safe-transmute
Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor, which could lead to memory corruption or data leakage.
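The argument mix-up described above, as an added Rust example (not code from the safe-transmute crate). The names `reinterpret_vec`, `reinterpret_vec_swapped` and `swapped_claim` are hypothetical, and the `u32` to `i32` conversion is assumed only because both types share size and alignment.

```rust
use std::mem::ManuallyDrop;

/// Hardened form: hand the buffer of a Vec<u32> to a Vec<i32>.
/// Hypothetical helper for this example, not the crate's API.
pub fn reinterpret_vec(v: Vec<u32>) -> Vec<i32> {
    // ManuallyDrop stops the old Vec from freeing the buffer we pass on.
    let mut v = ManuallyDrop::new(v);
    let (ptr, len, cap) = (v.as_mut_ptr(), v.len(), v.capacity());
    // Vec::from_raw_parts(ptr, length, capacity): length comes first.
    unsafe { Vec::from_raw_parts(ptr as *mut i32, len, cap) }
}

/// The bug class from the advisory. Shown for comparison and never called:
/// executing it is undefined behaviour whenever len != cap.
#[allow(dead_code)]
pub fn reinterpret_vec_swapped(v: Vec<u32>) -> Vec<i32> {
    let mut v = ManuallyDrop::new(v);
    let (ptr, len, cap) = (v.as_mut_ptr(), v.len(), v.capacity());
    // BUG: capacity is passed as the length and length as the capacity.
    unsafe { Vec::from_raw_parts(ptr as *mut i32, cap, len) }
}

/// What the swapped call would claim, computed without performing it.
/// Returns (claimed_len, claimed_cap, uninitialized_elements_exposed).
pub fn swapped_claim(len: usize, cap: usize) -> (usize, usize, usize) {
    assert!(len <= cap, "a Vec never has len > capacity");
    // claimed_len = cap: elements in len..cap were never initialized but
    // become readable through the new Vec (data leakage).
    // claimed_cap = len: the allocator is later told a smaller size than
    // was really allocated (heap corruption on growth or drop).
    (cap, len, cap - len)
}

fn main() {
    // Constructed sample input: 3 elements in a buffer with room for 8.
    let mut v: Vec<u32> = Vec::with_capacity(8);
    v.extend_from_slice(&[1, u32::MAX, 3]);
    let out = reinterpret_vec(v);
    println!("{:?} len={} cap={}", out, out.len(), out.capacity());
    println!("swapped call would claim {:?}", swapped_claim(3, 8));
}
```

When `len == cap` the swapped call behaves identically to the correct one, which is why this kind of defect can pass tests built on exactly sized vectors.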
References
- github.com/advisories/GHSA-2v78-j59h-fmpf
- github.com/nabijaczleweli/safe-transmute-rs
- github.com/nabijaczleweli/safe-transmute-rs/commit/a134e06d740f9d7c287f74c0af2cd06206774364
- github.com/nabijaczleweli/safe-transmute-rs/pull/36
- nvd.nist.gov/vuln/detail/CVE-2018-21000
- rustsec.org/advisories/RUSTSEC-2018-0013.html
Detect and mitigate CVE-2018-21000 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.