CVE-2018-21000

Name of the Vulnerable Software and Affected Versions safe-transmute crate versions prior to 0.10.1

Description An issue was discovered in the safe-transmute crate where a constructor's arguments are in the wrong order, causing heap memory corruption. The affected versions of this crate switched the length and capacity arguments in the Vec::from raw parts() constructor, which could lead to memory corruption or data leakage.

Recommendations For versions prior to 0.10.1, update to version 0.10.1 or later to fix the issue. As a temporary workaround, consider using the Vec::from raw parts() constructor correctly by ensuring the length and capacity arguments are in the correct order until a patch is available.