CVE-2021-45708: Abomonation transmutes &T to and from &[u8] without sufficient constraints

January 6, 2022 (updated June 13, 2023)

An issue was discovered in the abomonation crate through version 0.7.3 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.

References

github.com/TimelyDataflow/abomonation
github.com/TimelyDataflow/abomonation/issues/23
github.com/advisories/GHSA-5vwc-r48g-wj6c
nvd.nist.gov/vuln/detail/CVE-2021-45708
raw.githubusercontent.com/rustsec/advisory-db/main/crates/abomonation/RUSTSEC-2021-0120.md
rustsec.org/advisories/RUSTSEC-2021-0120.html

Code Behaviors & Features

Detect and mitigate CVE-2021-45708 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →