CVE-2020-35920

Name of the Vulnerable Software and Affected Versions socket2 versions prior to 0.3.16

Description The issue arises from the socket2 crate assuming that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. This assumption leads to the crate simply casting pointers to convert socket addresses to the system representation. However, since the standard library does not guarantee a specific memory layout, any changes to the implementation could result in invalid memory access. Notably, such changes would not emit warnings or errors, potentially leading to unforeseen issues.

Recommendations For versions prior to 0.3.16, update to version 0.3.16 or later to resolve the issue. As a temporary workaround, consider avoiding the use of std::net::SocketAddrV4 and std::net::SocketAddrV6 in situations where their memory layout might be critical until the update can be applied.