PT-2020-17535 · Rust · Dync

Published

2020-09-27

·

Updated

2021-08-25

·

CVE-2020-35903

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

dync crate versions prior to 0.5.0

Description

An issue in the dync crate allows misaligned element access because the type in question is not always u8. Specifically, VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types, leading to misaligned access.

Recommendations

For versions prior to 0.5.0, update to version 0.5.0 or later, which resolves the issue by replacing the Vec storage with a custom managed pointer that stores and retrieves elements using types with proper alignment corresponding to the original types.
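The following sketch is an added example, not code from dync or from this advisory. It contrasts the alignment guaranteed by byte-vector storage with a type-erased buffer allocated using the element type's own layout. The names `AlignedBuf`, `Wide` and `byte_storage_align` are hypothetical and the sample element type is constructed.

```rust
use std::alloc::{alloc, dealloc, Layout};
use std::any::TypeId;
use std::mem::align_of;

/// Alignment guaranteed by the layout a byte vector of `n` bytes is allocated with.
fn byte_storage_align(n: usize) -> usize {
    Layout::array::<u8>(n).expect("size overflow").align()
}

/// Hypothetical type-erased buffer: allocated with the element type's own layout.
struct AlignedBuf { ptr: *mut u8, layout: Layout, ty: TypeId, len: usize }

impl AlignedBuf {
    fn new<T: Copy + 'static>(len: usize, fill: T) -> Self {
        let layout = Layout::array::<T>(len).expect("size overflow");
        assert!(layout.size() > 0, "zero-sized allocations are not handled here");
        let ptr = unsafe { alloc(layout) };
        assert!(!ptr.is_null(), "allocation failed");
        // Initialise every slot so later typed reads never see uninitialised memory.
        for i in 0..len { unsafe { (ptr as *mut T).add(i).write(fill) } }
        AlignedBuf { ptr, layout, ty: TypeId::of::<T>(), len }
    }
    /// Refuse any access whose type differs from the one the buffer was built for.
    fn slot<T: 'static>(&self, i: usize) -> *mut T {
        assert!(self.ty == TypeId::of::<T>(), "element type mismatch");
        assert!(i < self.len, "index out of bounds");
        unsafe { (self.ptr as *mut T).add(i) }
    }
    fn set<T: Copy + 'static>(&mut self, i: usize, v: T) { unsafe { self.slot::<T>(i).write(v) } }
    fn get<T: Copy + 'static>(&self, i: usize) -> T { unsafe { self.slot::<T>(i).read() } }
    fn base_aligned_for<T>(&self) -> bool { self.ptr as usize % align_of::<T>() == 0 }
}

impl Drop for AlignedBuf {
    fn drop(&mut self) { unsafe { dealloc(self.ptr, self.layout) } }
}

/// Constructed sample element with a large alignment requirement.
#[repr(align(64))]
#[derive(Clone, Copy, Debug, PartialEq)]
struct Wide(u64);

fn main() {
    let mut buf = AlignedBuf::new(4, Wide(0));
    buf.set(2, Wide(7));
    println!("byte storage align = {}", byte_storage_align(256));
    println!("aligned = {}, slot 2 = {:?}", buf.base_aligned_for::<Wide>(), buf.get::<Wide>(2));
}
```

A byte-vector allocation only promises alignment 1, so whether a typed slot in it is aligned depends on the allocator; the layout-aware allocation makes the alignment a guarantee.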

Exploit

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

CVE-2020-35903
GHSA-QXJQ-V4WF-PPVH
RUSTSEC-2020-0050

Affected Products

Dync