Miggo Logo
Miggo Vulnerability Database
GHSA-hfxp-p695-629x

GHSA-hfxp-p695-629x: abomonation transmutes &T to and from &[u8] without sufficient constraints

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-hfxp-p695-629x
EPSS Score
-
CWE
-
Published
6/16/2022
Updated
6/13/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
abomonationrust<= 0.7.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability centers around unsafe transmutation between Rust references and byte slices. The abomonation crate's core functionality relies on transmuting &T <-> &[u8] through functions like abomonate() (serialization) and decode() (deserialization). These functions: 1) Violate alignment requirements by creating potentially misaligned references 2) Assume stable Rust type layouts 3) Expose padding bytes and pointers. The advisory specifically mentions these transmutes as the vulnerability source, and the test suite failures under Miri confirm the alignment issues. These are the primary entry points for unsafe memory operations described in the vulnerability report.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is tr*nsmut* is *t t** *or* o* t** **omon*tion *r*t*s. It's so **sy to us* it to viol*t* *li*nm*nt r*quir*m*nts t**t no t*st in t** *r*t*'s t*st suit* p*ss*s un**r miri. T** us* o* t*is tr*nsmut* in s*ri*liz*tion/**s*ri*liz*tion *lso in*orr**tly *

Reasoning

T** vuln*r**ility **nt*rs *roun* uns*** tr*nsmut*tion **tw**n Rust r***r*n**s *n* *yt* sli**s. T** **omon*tion *r*t*'s *or* *un*tion*lity r*li*s on tr*nsmutin* &T <-> &[u*] t*rou** *un*tions lik* `**omon*t*()` (s*ri*liz*tion) *n* `***o**()` (**s*ri*l