PT-2024-41060 · Fyrox · Fyrox

Published 2024-12-19 · Updated 2024-12-19


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Fyrox versions prior to the latest version on the master branch

Description

The issue arises from the transmute_vec_as_bytes API, which incorrectly assumes that any generic type T has a stable layout. This can lead to uninitialized memory exposure if users pass a type with padding bytes as T and it is cast to a u8 pointer. A proof of concept (PoC) demonstrates that passing a struct type to transmute_vec_as_bytes can result in undefined behavior with Vec::from_raw_parts. The problem is resolved by changing the trait bound from Copy to Pod, ensuring that T is plain data.

Recommendations

For versions prior to the latest version on the master branch, update to the latest version on the master branch, which includes the patch that changes the trait from Copy to Pod. As a temporary workaround, consider avoiding the use of the transmute_vec_as_bytes API with types that have padding bytes until the issue is resolved.
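
The Rust sketch below is an added example, not code from Fyrox or from the advisory: it shows that a Copy struct can carry padding bytes and how a Pod-style bound keeps such a type out of a byte conversion. PlainData, Padded, padding_bytes and vec_as_bytes are hypothetical names, and the conversion here copies the bytes instead of reusing the allocation.

```rust
use std::mem::size_of;

/// Hypothetical stand-in for a Pod-style marker trait (not the real `Pod`):
/// implementors promise that every byte of a value is initialized data.
unsafe trait PlainData: Copy {}
unsafe impl PlainData for u8 {}
unsafe impl PlainData for u32 {}

/// Constructed sample type. With repr(C), `tag` sits at offset 0 and `value`
/// at offset 4, so bytes 1..4 are padding that is never written.
/// It is `Copy`, which is all the original bound asked for.
#[repr(C)]
#[derive(Clone, Copy)]
struct Padded {
    tag: u8,
    value: u32,
}

/// Bytes of `T` that belong to no field, given the summed size of its fields.
fn padding_bytes<T>(field_bytes: usize) -> usize {
    size_of::<T>() - field_bytes
}

/// Byte conversion restricted to padding-free types.
fn vec_as_bytes<T: PlainData>(v: Vec<T>) -> Vec<u8> {
    let len = v.len() * size_of::<T>();
    // SAFETY: `T: PlainData` promises there is no padding, so all `len` bytes
    // are initialized; the pointer is valid for `len` bytes and u8 needs
    // alignment 1. The bytes are copied out before `v` is dropped.
    unsafe { std::slice::from_raw_parts(v.as_ptr() as *const u8, len) }.to_vec()
}

fn main() {
    let p = Padded { tag: 1, value: 2 };
    println!(
        "Padded: {} bytes, {} of them padding (tag={}, value={})",
        size_of::<Padded>(),
        padding_bytes::<Padded>(size_of::<u8>() + size_of::<u32>()),
        p.tag,
        p.value
    );
    println!("{:?}", vec_as_bytes(vec![1u32, 2]));
    // vec_as_bytes(vec![p]); // rejected at compile time: Padded is not PlainData
}
```

With only a Copy bound the commented-out call would compile, and the three padding bytes of each Padded element would be read as u8 values.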

Related Identifiers

RUSTSEC-2024-0435

Affected Products

Fyrox