CVE-2019-25004

Name of the Vulnerable Software and Affected Versions flatbuffers crate versions prior to 0.6.1

Description An issue in the flatbuffers crate for Rust allows arbitrary bytes to be reinterpreted as a bool, defeating soundness. The implementation of impl Follow for bool enables this reinterpretation, violating the stringent requirements for the in-memory representation of bool in Rust and potentially invoking undefined behavior in safe code.

Recommendations For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the impl Follow for bool function to minimize the risk of exploitation.