CVE-2021-45709

Name of the Vulnerable Software and Affected Versions: crypto2 crate through 2021-10-08 for Rust

Description: An issue was discovered in the crypto2 crate that affects Chacha20 encryption and decryption. The implementation does not enforce alignment requirements on input slices, incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from raw parts mut. This breaks the contract and introduces undefined behavior.

Recommendations: For the crypto2 crate through 2021-10-08, consider updating to a version that enforces alignment requirements on input slices to prevent undefined behavior during Chacha20 encryption and decryption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.