You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There was a security advisory for lexical (RUSTSEC-2023-0055), which uses lexical-core for the implementation. There was a few discovered instances of undefined behavior with a comprehensive code analysis due to further misuse of MaybeUninit.
This affected all versions before lexical 7.0 and lexical-core before 1.0. All of the issues initially discovered were:
There were a few more patches that were implemented as part of that fix (also all related to misuse of MaybeUninit. All older versions of lexical-core should therefore have a security advisory associated with them.
There was a security advisory for lexical (RUSTSEC-2023-0055), which uses lexical-core for the implementation. There was a few discovered instances of undefined behavior with a comprehensive code analysis due to further misuse of
MaybeUninit.This affected all versions before lexical 7.0 and lexical-core before 1.0. All of the issues initially discovered were:
try_parse_{4,8}digitsappear to advance iterators out of bounds Alexhuszagh/rust-lexical#101Bytes::read()Alexhuszagh/rust-lexical#102unsafe traitor private Alexhuszagh/rust-lexical#104The additional discovered unsoundness includes:
There were a few more patches that were implemented as part of that fix (also all related to misuse of
MaybeUninit. All older versions of lexical-core should therefore have a security advisory associated with them.Here's additional instances of unsoundness:
The text was updated successfully, but these errors were encountered: