CVE-2021-45695

Name of the Vulnerable Software and Affected Versions: mopa crate through 2021-06-01

Description: An issue was discovered in the mopa crate, where it incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. The mopa crate redefines the deprecated TraitObject struct from core::raw to implement downcasting. However, the Rust compiler explicitly reserves the right to change the memory layout of &dyn Trait for any trait Trait, which could lead to an executable location breach and compromisation of ASLR if the data and vtable are swapped. This could also theoretically allow for arbitrary code execution if reads of vtable generated by the compiler read data instead.

Recommendations: As a temporary workaround, consider avoiding the use of the mopa crate until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.