Miggo Logo
Miggo Vulnerability Database
GHSA-g753-ghr7-q33w

GHSA-g753-ghr7-q33w: cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-g753-ghr7-q33w
EPSS Score
-
CWE
-
Published
6/22/2023
Updated
6/22/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
cyfs-baserust<= 0.6.12

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability is clearly located in ChunkId::new as shown in multiple sources:

  1. The advisory specifically names this function
  2. The GitHub issue #275 shows the vulnerable code pattern
  3. The unsafe pointer cast and dereference operation matches the described UB
  4. The file path matches the commit diff showing the test case addition
  5. The operation violates Rust's safety requirements by performing unaligned accesses in safe code

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *un*tion `**unkI*::n*w` *r**t*s * mis*li*n** point*r *y **stin* mut**l* point*r o* `u*` sli** w*i** **s *li*nm*nt * to t** mut**l* point*r o* `u**` w*i** **s *li*nm*nt *, *n* **r***r*n** t** mis*li*n** point*r l***in* U*, w*i** s*oul* not ** *llo

Reasoning

T** vuln*r**ility is *l**rly lo**t** in **unkI*::n*w *s s*own in multipl* sour**s: *. T** **visory sp**i*i**lly n*m*s t*is *un*tion *. T** *it*u* issu* #*** s*ows t** vuln*r**l* *o** p*tt*rn *. T** uns*** point*r **st *n* **r***r*n** op*r*tion m*t***