N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-gfgm-chr3-x6px

EPSS Score

CWE

Published

12/30/2022

Updated

1/7/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-gfgm-chr3-x6px

GHSA-gfgm-chr3-x6px: prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB).
Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to undefinted behavior (UB).

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-gfgm-chr3-x6px

GHSA-gfgm-chr3-x6px:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-gfgm-chr3-x6px

EPSS Score

CWE

Published

12/30/2022

Updated

1/7/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
prettytable-rs	rust	< 0.10.0	0.10.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The advisory explicitly identifies Table::as_ref as the vulnerable function. The code sample from GHSA-gfgm-chr3-x6px shows unsafe transmutation of references (immutable to mutable for shrink_to_fit) and type-punning between Vec<T> and [T] types. These operations violate Rust's safety guarantees by creating multiple mutable aliases and assuming type layout compatibility, both of which are undefined behavior according to Rust's ownership and type systems.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-gfgm-chr3-x6px: prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

GHSA-gfgm-chr3-x6px:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

GHSA-gfgm-chr3-x6px: prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI