CVE-2020-11105

Name of the Vulnerable Software and Affected Versions USC iLab cereal versions 1.3.0 and earlier

Description An issue was discovered in USC iLab cereal where it employs caching of std::shared ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared ptr variable goes out of scope and is freed, and a new std::shared ptr is allocated at the same address. As a result, serialization fidelity becomes dependent upon memory layout, and serialized std::shared ptr variables cannot always be expected to serialize back into their original values. This can have various consequences depending on the context in which it manifests.

Recommendations For USC iLab cereal versions 1.3.0 and earlier, consider updating to a version that addresses this issue, as the current implementation can lead to unpredictable behavior due to the dependency on memory layout for serialization fidelity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.