N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-wm8x-php5-hvq6

GHSA-wm8x-php5-hvq6: Maligned causes incorrect deallocation

maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec<T>.

GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory.

When deallocating, Box and Vec may not respect the specified alignment and can cause undefined behavior.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-wm8x-php5-hvq6

GHSA-wm8x-php5-hvq6:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
maligned	rust	<= 0.2.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

All listed functions use the core vulnerable pattern: 1) Manual allocation with alignment > T's alignment, 2) Construction of standard containers (Vec/Box) via from_raw_parts, 3) Subsequent deallocation using container's type alignment instead of original allocation alignment. The MIRI error demonstrates this mismatch explicitly, and the advisory confirms these functions as affected entry points. The fundamental violation of GlobalAlloc's layout matching requirement makes all these variants inherently vulnerable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-wm8x-php5-hvq6: Maligned causes incorrect deallocation

GHSA-wm8x-php5-hvq6:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-wm8x-php5-hvq6: Maligned causes incorrect deallocation

N/A

N/A

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI