PT-2024-40969 · Solana · Solana Program Library

Published: 2024-12-19 · Updated: 2024-12-19

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Solana Program Library (affected versions not specified)

Description

The issue arises from the unpack function in the library, which can cause undefined behavior when it casts a u8 array to an arbitrary type T. Types that require a larger alignment than u8 can produce a misaligned pointer dereference. For example, instantiating T as u16 can cause a misaligned raw pointer dereference, resulting in a panic. Even types with the same one-byte alignment as u8, such as bool, can end up holding an invalid value: bool permits only specific bit patterns, so constructing one from arbitrary bytes is undefined behavior.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
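The two checks the description implies (alignment and bit-pattern validity), sketched as an added example; this is not code from the Solana Program Library. The `SafeUnpack` trait, `is_aligned_for`, `UnpackError`, the sample buffer and the little-endian byte order are all assumptions made for illustration.

```rust
use std::mem::align_of;

#[derive(Debug, PartialEq)]
pub enum UnpackError { TooShort, InvalidBitPattern }

/// Would `&bytes[0]` be a validly aligned address for a `&T`?
/// A pointer-cast unpack has to check this before dereferencing.
pub fn is_aligned_for<T>(bytes: &[u8]) -> bool {
    (bytes.as_ptr() as usize) % align_of::<T>() == 0
}

/// Hypothetical trait (not the library's API): decode by value, no pointer cast.
pub trait SafeUnpack: Sized {
    fn unpack(bytes: &[u8]) -> Result<Self, UnpackError>;
}

impl SafeUnpack for u16 {
    // Copying the bytes out makes the source alignment irrelevant.
    // Little-endian order is an assumption of this example.
    fn unpack(bytes: &[u8]) -> Result<Self, UnpackError> {
        match bytes {
            [lo, hi, ..] => Ok(u16::from_le_bytes([*lo, *hi])),
            _ => Err(UnpackError::TooShort),
        }
    }
}

impl SafeUnpack for bool {
    // Only 0x00 and 0x01 are valid bool values; reject everything else.
    fn unpack(bytes: &[u8]) -> Result<Self, UnpackError> {
        match bytes.first().copied() {
            Some(0) => Ok(false),
            Some(1) => Ok(true),
            Some(_) => Err(UnpackError::InvalidBitPattern),
            None => Err(UnpackError::TooShort),
        }
    }
}

/// Constructed sample: 2-byte-aligned backing store, so offset 1 is an odd address.
#[repr(align(2))]
pub struct Buf(pub [u8; 4]);
pub static SAMPLE: Buf = Buf([0x01, 0x34, 0x12, 0x02]);

fn main() {
    let b = &SAMPLE.0;
    println!("offset 1 aligned for u16: {}", is_aligned_for::<u16>(&b[1..]));
    println!("u16 at offset 1: {:?}", u16::unpack(&b[1..]));
    println!("bool from 0x02: {:?}", bool::unpack(&b[3..]));
}
```

Decoding by value avoids both hazards at once: no reference to `T` is ever created over the byte buffer, and every byte pattern is validated before a typed value exists.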

Related Identifiers

RUSTSEC-2024-0426

Affected Products

Solana Program Library