PT-2019-16421 · Rust · Flatbuffers

Published

2019-10-20

Updated

2021-08-25

CVE-2019-25004

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions flatbuffers crate versions prior to 0.6.1

Description An issue in the flatbuffers crate for Rust allows arbitrary bytes to be reinterpreted as a bool, defeating soundness. The implementation of impl Follow for bool enables this reinterpretation, violating the stringent requirements for the in-memory representation of bool in Rust and potentially invoking undefined behavior in safe code.

Recommendations For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the impl Follow for bool function to minimize the risk of exploitation.

Exploit

Fix

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-704

Related Identifiers

CVE-2019-25004

GHSA-GX73-2498-R55C

RUSTSEC-2019-0028

Affected Products

Flatbuffers

PT-2019-16421 · Rust · Flatbuffers

CVE-2019-25004

Weakness Enumeration

Related Identifiers

Affected Products

References · 10