PT-2024-40316 · Solana · Solana Program Library

Published 2024-12-23 · Updated 2024-12-23

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Solana Program Library (affected versions not specified)

Description

The issue arises from the unpack function in the library, which casts a u8 array to arbitrary types. This can lead to undefined behavior through misaligned pointer dereferences when the target type requires a larger alignment than u8, such as u16. Even when the target type has the same alignment as u8, like bool, the cast can construct values that are invalid for that type, which is also undefined behavior. The full extent of potential exploits is not yet clear, and the issue is reported as unsound.
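
The two failure modes described above, seen from the defensive side, as an added example (not code from Solana Program Library or from this advisory): a check for the preconditions a pointer cast silently assumes, and copy-based readers that avoid the cast. All names (UnpackError, Aligned, check_layout, unpack_u16_le, unpack_bool) and the sample bytes are assumptions constructed for illustration.

```rust
use std::mem::{align_of, size_of};

// Hypothetical names throughout; this is not the library's API.
#[derive(Debug, PartialEq)]
pub enum UnpackError { TooShort, Misaligned, InvalidBitPattern }

// Constructed sample buffer with a known 2-byte-aligned base address.
#[repr(align(2))]
pub struct Aligned(pub [u8; 4]);

/// The two preconditions a `&[u8]` -> `&T` pointer cast silently assumes:
/// enough bytes, and an address that is a multiple of `align_of::<T>()`.
pub fn check_layout<T>(input: &[u8]) -> Result<(), UnpackError> {
    if input.len() < size_of::<T>() {
        return Err(UnpackError::TooShort);
    }
    if (input.as_ptr() as usize) % align_of::<T>() != 0 {
        return Err(UnpackError::Misaligned);
    }
    Ok(())
}

/// Reads a u16 by copying bytes, so no alignment requirement applies.
pub fn unpack_u16_le(input: &[u8]) -> Result<u16, UnpackError> {
    match input {
        [lo, hi, ..] => Ok(u16::from_le_bytes([*lo, *hi])),
        _ => Err(UnpackError::TooShort),
    }
}

/// Reads a bool, rejecting any byte other than 0 or 1 rather than
/// reinterpreting it as a `bool`.
pub fn unpack_bool(input: &[u8]) -> Result<bool, UnpackError> {
    match input.first() {
        None => Err(UnpackError::TooShort),
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(_) => Err(UnpackError::InvalidBitPattern),
    }
}

fn main() {
    let buf = Aligned([0x34, 0x12, 0x02, 0x01]);
    println!("{:?}", check_layout::<u16>(&buf.0[1..])); // slice starts at an odd address
    println!("{:?}", unpack_u16_le(&buf.0[1..]));       // copy-based read of the same bytes
    println!("{:?}", unpack_bool(&buf.0[2..]));         // byte 0x02 is not a valid bool
}
```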

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

GHSA-H6XM-C6R4-VMWF

Affected Products

Solana Program Library