PT-2020-17551 · Rust · Net2

Published 2020-11-06 · Updated 2022-05-24 · CVE-2020-35919

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

net2 crate versions prior to 0.2.36

Description

The issue arises from the net2 crate's assumption that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. Based on this assumption, the crate converts socket addresses to the system representation by simply casting pointers. However, the standard library does not guarantee a specific memory layout, so a change in the library's implementation could result in invalid memory access. No warnings or errors will be emitted once the change occurs.

Recommendations

For net2 crate versions prior to 0.2.36, update to version 0.2.36 or later to resolve the issue. As a temporary workaround, consider avoiding the use of std::net::SocketAddrV4 and std::net::SocketAddrV6 until the update is applied.
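
The pointer cast described above, next to a conversion that does not depend on the standard library's layout, as an added example (this is not net2's code). `SockAddrIn`, the `AF_INET` value and the function names are assumptions that mirror Linux's `struct sockaddr_in` without using the libc crate.

```rust
use std::mem::{align_of, size_of};
use std::net::{Ipv4Addr, SocketAddrV4};

// Assumed mirror of Linux `struct sockaddr_in`; defined here so the
// example has no dependencies.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SockAddrIn {
    pub sin_family: u16,   // address family
    pub sin_port: u16,     // stored in network byte order
    pub sin_addr: [u8; 4], // stored in network byte order
    pub sin_zero: [u8; 8], // padding
}

pub const AF_INET: u16 = 2; // value on Linux (assumption)

/// The pattern the advisory describes, reconstructed for contrast:
/// reinterpret the std type as the C struct. It is only sound if std
/// happens to use the C layout, which it does not promise. Never called.
#[allow(dead_code)]
unsafe fn cast_assuming_layout(addr: &SocketAddrV4) -> &SockAddrIn {
    unsafe { &*(addr as *const SocketAddrV4 as *const SockAddrIn) }
}

/// Layout-independent conversion: only public accessors are used, so a
/// change inside std cannot turn this into an invalid memory access.
pub fn to_sockaddr_in(addr: &SocketAddrV4) -> SockAddrIn {
    SockAddrIn {
        sin_family: AF_INET,
        sin_port: addr.port().to_be(),
        sin_addr: addr.ip().octets(),
        sin_zero: [0; 8],
    }
}

/// True when size and alignment of the std type equal the C struct's.
/// A match is necessary for the cast to work, but does not make it sound.
pub fn std_layout_matches_c() -> bool {
    size_of::<SocketAddrV4>() == size_of::<SockAddrIn>()
        && align_of::<SocketAddrV4>() == align_of::<SockAddrIn>()
}

fn main() {
    let addr = SocketAddrV4::new(Ipv4Addr::new(192, 0, 2, 10), 8080); // constructed sample
    println!("{:?}", to_sockaddr_in(&addr));
    println!("std layout matches C struct: {}", std_layout_matches_c());
}
```

A `false` result from `std_layout_matches_c()` on the toolchain in use means the cast would read past the end of the standard library's value; the compiler reports nothing in either case.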

Related Identifiers

CVE-2020-35919
GHSA-458V-4HRF-G3M4
GHSA-C79C-GWPH-GQFM
RUSTSEC-2020-0078
RUSTSEC-2020-0079

Affected Products

Net2