CVE-2020-35922

Name of the Vulnerable Software and Affected Versions mio crate versions prior to 0.7.6

Description The issue arises from the mio crate's assumption about the memory representation of std::net::SocketAddr. It has assumed that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. This assumption can lead to invalid memory access if the standard library changes its implementation. The standard library does not provide any information about the memory layout, and no warnings or errors will be emitted once the change happens.

Recommendations For versions prior to 0.7.6, update to version 0.7.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of std::net::SocketAddrV4 and std::net::SocketAddrV6 until the issue is resolved. Restrict access to the affected mio crate to minimize the risk of exploitation.