CVE-2021-28036

Name of the Vulnerable Software and Affected Versions: quinn crate versions prior to 0.7.0

Description: The issue arises from the quinn crate's assumption that std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. This assumption leads to a direct cast of the pointers to convert the socket addresses to the system representation. However, the standard library does not guarantee a specific memory layout, which can cause invalid memory access if the standard library's implementation changes. No warnings or errors will be emitted once the change happens.

Recommendations: For quinn crate versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of std::net::SocketAddrV4 and std::net::SocketAddrV6 in the affected crate until a patch is available.