-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability lies in the any_as_u8_slice function within the borrowck_sacrifices crate. The provided commit 1bdaa14da68a6e8207f9e81359116f53139800f2 directly addresses this issue. The commit message, "v0.2.0 - fix unsound read of uninitialized memory via safe function", clearly indicates the nature of the fix.
The core of the vulnerability is that any_as_u8_slice was declared as a safe function (pub fn). However, its implementation uses unsafe code to create a byte slice (&[u8]) that covers the entire memory footprint of a given type T, including any padding bytes. The Rust compiler does not guarantee that padding bytes are initialized. The core::slice::from_raw_parts function, which is used internally, has a safety contract that requires all bytes in the resulting slice to be initialized. By exposing this operation through a safe interface, the function violates this contract and can lead to undefined behavior when a program reads these uninitialized padding bytes.
The patch changes the function signature from pub fn any_as_u8_slice to pub unsafe fn any_as_u8_slice. This change doesn't alter the function's internal logic but correctly marks it as unsafe, forcing any developer using it to acknowledge the potential memory safety issues and handle them within an unsafe block. Therefore, the vulnerable function is the original, safe version of any_as_u8_slice that existed prior to this patch.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| borrowck_sacrifices | rust | < 0.2.0 | 0.2.0 |
A Semantic Attack on Google Gemini - Read the Latest Research