PT-2021-24282 · Unknown · Abomonation

Published: 2021-10-17 · Updated: 2022-06-16 · CVE-2021-45708

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: abomonation crate versions prior to 2021-10-18
Description: The abomonation crate performs insufficiently constrained transmute operations during serialization and deserialization. Alignment requirements are easy to violate, and the code incorrectly assumes a stable layout for repr(Rust) types. The transmute operation can also disclose the contents of padding bytes and pointers, which can lead to an information leak or an ASLR bypass.
Recommendations: For versions prior to 2021-10-18, consider restricting the use of the transmute operation in serialization and deserialization to minimize the risk of exploitation. As a temporary workaround, avoid using the transmute operation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
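An added example (not from the advisory or the abomonation project) of serialization that avoids transmute: each field is encoded explicitly in a fixed byte order, so no padding bytes or pointers reach the output, and decoding makes no alignment or repr(Rust) layout assumption. The Record type, WIRE_LEN and all function names are hypothetical.

```rust
use std::mem::{align_of, size_of};

// Hypothetical record type, constructed for this example (default repr(Rust)).
#[derive(Debug, PartialEq)]
pub struct Record {
    pub tag: u8,
    pub id: u64,
    pub len: u32,
}

/// Meaningful bytes per record: 1 (tag) + 8 (id) + 4 (len).
pub const WIRE_LEN: usize = 13;

/// Padding bytes in the in-memory form; a verbatim memory copy would emit them.
pub fn padding_bytes() -> usize {
    size_of::<Record>() - WIRE_LEN
}

/// True if `bytes` starts at an address aligned for `T`; a byte buffer gives no such guarantee.
pub fn is_aligned_for<T>(bytes: &[u8]) -> bool {
    (bytes.as_ptr() as usize) % align_of::<T>() == 0
}

/// Field-by-field little-endian encoding: no padding, no pointers, no layout assumption.
pub fn encode(r: &Record) -> [u8; WIRE_LEN] {
    let mut out = [0u8; WIRE_LEN];
    out[0] = r.tag;
    out[1..9].copy_from_slice(&r.id.to_le_bytes());
    out[9..13].copy_from_slice(&r.len.to_le_bytes());
    out
}

/// Length-checked decode that copies into aligned locals instead of casting the buffer.
pub fn decode(bytes: &[u8]) -> Option<Record> {
    if bytes.len() != WIRE_LEN {
        return None;
    }
    let (mut id, mut len) = ([0u8; 8], [0u8; 4]);
    id.copy_from_slice(&bytes[1..9]);
    len.copy_from_slice(&bytes[9..13]);
    Some(Record { tag: bytes[0], id: u64::from_le_bytes(id), len: u32::from_le_bytes(len) })
}

fn main() {
    let r = Record { tag: 7, id: 0x0102_0304_0506_0708, len: 42 };
    let wire = encode(&r);
    println!("memory: {} bytes, wire: {} bytes, padding: {}", size_of::<Record>(), wire.len(), padding_bytes());
    println!("round trip ok: {}", decode(&wire) == Some(r));
}
```

The gap between the in-memory size and the 13-byte wire size is the padding that a raw memory copy would have written out.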

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2021-45708
GHSA-5VWC-R48G-WJ6C
GHSA-HFXP-P695-629X
RUSTSEC-2021-0120

Affected Products

Abomonation