CVE-2020-35864

Name of the Vulnerable Software and Affected Versions flatbuffers crate through 2020-04-11 for Rust

Description An issue was discovered in the read scalar and read scalar at functions, which are unsound because they allow transmuting values without unsafe blocks. This can lead to creating dangling references. For example, the read scalar function can be used to create a dangling reference by implementing the EndianScalar trait for a custom struct and then using read scalar to read a value of that type.

Recommendations For the flatbuffers crate through 2020-04-11, consider avoiding the use of the read scalar and read scalar at functions until a patch is available, as they can be used to create dangling references. As a temporary workaround, consider adding unsafe blocks to these functions to prevent unsound transmutations. At the moment, there is no information about a newer version that contains a fix for this issue.