CVE-2019-25004

UNKNOWN

Published 2020-12-31T08:32:41

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-25004. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Unsound casting in flatbuffers

GHSA-gx73-2498-r55c

Advisory Details

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code.

Affected Packages

crates.io flatbuffers

ECOSYSTEM: ≥0.4.0 <0.6.1

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-25004

WEB https://github.com/google/flatbuffers/issues/5530

PACKAGE https://github.com/google/flatbuffers

WEB https://rustsec.org/advisories/RUSTSEC-2019-0028.html

Advisory provided by GitHub Security Advisory Database. Published: August 25, 2021, Modified: June 13, 2023

References

https://rustsec.org/advisories/RUSTSEC-2019-0028.html

Published: 2020-12-31T08:32:41

Last Modified: 2024-08-05T03:00:18.810Z

Copied to clipboard!

CVE-2019-25004

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Unsound casting in flatbuffers

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!