GHSA-jcr6-4frq-9gjj: Users vulnerable to unaligned read of `const const c_char` pointer

September 11, 2023 (updated September 13, 2023)

Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior.

In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibility of working correctly in some architectures.

The crate is not currently maintained, so a patched version is not available.

References

github.com/advisories/GHSA-jcr6-4frq-9gjj
github.com/ogham/rust-users
github.com/ogham/rust-users/issues/55
rustsec.org/advisories/RUSTSEC-2023-0059.html

Code Behaviors & Features

Detect and mitigate GHSA-jcr6-4frq-9gjj with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →