GHSA-wm8x-php5-hvq6: Maligned causes incorrect deallocation

March 7, 2023

maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec<T>.

References

doc.rust-lang.org/std/alloc/trait.GlobalAlloc.html
github.com/advisories/GHSA-wm8x-php5-hvq6
github.com/tylerhawkes/maligned
github.com/tylerhawkes/maligned/issues/5
rustsec.org/advisories/RUSTSEC-2023-0017.html

Code Behaviors & Features

Detect and mitigate GHSA-wm8x-php5-hvq6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →