kwctl
kwctl copied to clipboard
Published
20 hours ago •
kubewarden
kubewarden
RUSTSEC-2023-0086: Multiple soundness issues
Multiple soundness issues
| Details | |
|---|---|
| Status | unsound |
| Package | lexical-core |
| Version | 0.8.5 |
| URL | |
| Date | 2023-09-03 |
RUSTSEC-2024-0377 contains multiple soundness issues:
- Bytes::read() allows creating instances of types with invalid bit patterns
- BytesIter::read() advances iterators out of bounds
-
The
BytesItertrait has safety invariants but is public and not markedunsafe -
write_float()callsMaybeUninit::assume_init()on uninitialized data, which is is not allowed by the Rust abstract machine -
radix()callsMaybeUninit::assume_init()on uninitialized data, which is is not allowed by the Rust abstract machine
Version 1.0 fixes these issues, removes the vast majority of unsafe code, and also fixes some correctness issues.
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}