PT-2021-17422 · Unknown · Nb-Connect
Published: 2021-02-14 · Updated: 2021-08-25
CVE-2021-27376
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nb-connect crate versions prior to 1.0.3
Description
The issue arises from the nb-connect crate's assumption that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. This assumption leads to a direct cast of the pointers to convert the socket addresses to the system representation. However, the standard library does not guarantee a specific memory layout, which can cause invalid memory access if the standard library's implementation changes. No warnings or errors will be emitted once the change occurs.
Recommendations
For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of std::net::SocketAddrV4 and std::net::SocketAddrV6 until a patch is applied.
Exploit
Fix
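A layout-independent conversion for the IPv4 case, as an added example that is not the nb-connect patch or any code from the crate: the C structure is filled from the public accessors of SocketAddrV4 instead of casting a pointer to it. The `SockaddrIn` struct, the `AF_INET` value and the function names are assumptions; the struct mirrors the Linux `sockaddr_in` layout, and real code would take that definition from the `libc` crate.

```rust
use std::net::{Ipv4Addr, SocketAddrV4};

/// Stand-in for C `struct sockaddr_in` as laid out on Linux (assumption).
/// `#[repr(C)]` pins the field order and padding; std's SocketAddrV4 has no such guarantee.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SockaddrIn {
    pub sin_family: u16,   // address family, host byte order
    pub sin_port: u16,     // port, stored in network byte order
    pub sin_addr: u32,     // IPv4 address, stored in network byte order
    pub sin_zero: [u8; 8], // padding up to 16 bytes
}

/// Value of AF_INET on Linux (assumption for this example).
pub const AF_INET: u16 = 2;

/// Convert using only the documented accessors `port()` and `ip().octets()`,
/// so the result does not depend on how std stores the address internally.
pub fn to_sockaddr_in(addr: &SocketAddrV4) -> SockaddrIn {
    SockaddrIn {
        sin_family: AF_INET,
        sin_port: addr.port().to_be(),
        sin_addr: u32::from_ne_bytes(addr.ip().octets()),
        sin_zero: [0; 8],
    }
}

/// The 16 bytes the kernel would read if this struct were passed to connect(2).
pub fn wire_bytes(sa: &SockaddrIn) -> [u8; 16] {
    let mut out = [0u8; 16];
    out[0..2].copy_from_slice(&sa.sin_family.to_ne_bytes());
    out[2..4].copy_from_slice(&sa.sin_port.to_ne_bytes());
    out[4..8].copy_from_slice(&sa.sin_addr.to_ne_bytes());
    out
}

fn main() {
    // Constructed sample address (documentation range 192.0.2.0/24).
    let addr = SocketAddrV4::new(Ipv4Addr::new(192, 0, 2, 10), 8080);
    let sa = to_sockaddr_in(&addr);
    println!("{:02x?}", wire_bytes(&sa));
}
```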
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Nb-Connect