9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-45709

GHSA ID

GHSA-9hfg-pxr6-q4vp

EPSS Score

0.46164%

CWE

CWE-119

Published

1/6/2022

Updated

8/17/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-45709

CVE-2021-45709:
Use of a Broken or Risky Cryptographic Algorithm in crypto2

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior.

This affects Chacha20 encryption and decryption in crypto2.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-45709

GHSA ID

GHSA-9hfg-pxr6-q4vp

EPSS Score

0.46164%

CWE

CWE-119

Published

1/6/2022

Updated

8/17/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
crypto2	rust	<= 0.1.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The advisory explicitly lists these three functions in its [affected.functions] section. The vulnerability stems from improper use of std::slice::from_raw_parts_mut to create u32 slices from arbitrary u8 input without ensuring 4-byte alignment, violating Rust's safety contracts. The Chacha20 methods depend on xor_si512_inplace which contains the core unsafe operation. GitHub issue #27 confirms the alignment violation in xor_si512_inplace, and the CWE-119 classification matches the memory safety violation pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** impl*m*nt*tion *o*s not *n*or** *li*nm*nt r*quir*m*nts on input sli**s w*il* in*orr**tly *ssumin* *-*yt* *li*nm*nt t*rou** *n uns*** **ll to st*::sli**::*rom_r*w_p*rts_mut, w*i** *r**ks t** *ontr**t *n* intro*u**s un***in** ****vior. T*is *****t

Reasoning

T** **visory *xpli*itly lists t**s* t*r** *un*tions in its [*****t**.*un*tions] s**tion. T** vuln*r**ility st*ms *rom improp*r us* o* st*::sli**::*rom_r*w_p*rts_mut to *r**t* u** sli**s *rom *r*itr*ry u* input wit*out *nsurin* *-*yt* *li*nm*nt, viol*

9.8

Basic Information

Concerned about an active attack path?

CVE-2021-45709: Use of a Broken or Risky Cryptographic Algorithm in crypto2

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-45709:
Use of a Broken or Risky Cryptographic Algorithm in crypto2

Vulnerability Intelligence
Miggo AI