atty potential unaligned read

Low severity GitHub Reviewed Published Jun 30, 2023 to the GitHub Advisory Database • Updated Feb 14, 2024

Package

cargo atty (Rust)

Affected versions

<= 0.2.14

Patched versions

None

Description

On Windows, atty dereferences a potentially unaligned pointer.

In practice, however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on Windows uses HeapAlloc, which guarantees a large enough alignment.
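
The class of bug described above, as an added example (not code from atty or from this advisory): a struct read out of a byte buffer whose address carries no alignment guarantee, with a check for the unsound cast beside the sound `ptr::read_unaligned` form. `NameInfo`, `read_header`, `cast_would_be_misaligned` and `demo` are hypothetical names, and the offset into the backing array stands in for a custom global allocator that returns byte-aligned memory.

```rust
use std::{mem, ptr};

// Hypothetical length-prefixed record; the u32 field gives it 4-byte alignment.
#[repr(C)]
#[derive(Clone, Copy)]
struct NameInfo {
    name_len: u32,  // length of the name in bytes
    name: [u16; 2], // first UTF-16 units of the name
}

/// True when `&*(buf.as_ptr() as *const NameInfo)` would be undefined
/// behaviour because the address is not a multiple of the struct's alignment.
fn cast_would_be_misaligned(buf: &[u8]) -> bool {
    (buf.as_ptr() as usize) % mem::align_of::<NameInfo>() != 0
}

/// Sound for any buffer address: copies the record out with an unaligned
/// read instead of forming a reference to it inside the byte buffer.
fn read_header(buf: &[u8]) -> Option<NameInfo> {
    if buf.len() < mem::size_of::<NameInfo>() {
        return None;
    }
    // SAFETY: the length was checked, read_unaligned has no alignment
    // requirement, and every bit pattern is a valid NameInfo.
    Some(unsafe { ptr::read_unaligned(buf.as_ptr() as *const NameInfo) })
}

/// Constructed sample: a record written `off` bytes into a 4-aligned backing
/// store. An `off` that is not a multiple of 4 models an allocator that only
/// honours the alignment of 1 that a byte buffer asks for.
fn demo(off: usize) -> (bool, u32, [u16; 2]) {
    #[repr(align(4))]
    struct Backing([u8; 16]);
    let mut b = Backing([0; 16]);
    b.0[off..off + 4].copy_from_slice(&6u32.to_ne_bytes());
    b.0[off + 4..off + 6].copy_from_slice(&0x70u16.to_ne_bytes());
    b.0[off + 6..off + 8].copy_from_slice(&0x74u16.to_ne_bytes());
    let rec = &b.0[off..off + 8];
    let h = read_header(rec).expect("record is 8 bytes");
    (cast_would_be_misaligned(rec), h.name_len, h.name)
}

fn main() {
    for off in [0, 1, 4] {
        println!("offset {off}: {:?}", demo(off));
    }
}
```

Running the unsound reference-forming cast under Miri is the usual way to confirm this kind of misalignment in a real code base.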

atty is Unmaintained

A pull request with a fix was provided over a year ago, but the maintainer seems to be unreachable.

The last release of atty was almost 3 years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

References

Published to the GitHub Advisory Database Jun 30, 2023
Reviewed Jun 30, 2023
Last updated Feb 14, 2024

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-g98v-hv3f-hcfr

Source code

Credits
