{"id":"RUSTSEC-2020-0012","summary":"Relies on undefined behavior of `char::from_u32_unchecked`","details":"The Windows implementation of this crate relied on the behavior of\n`std::char::from_u32_unchecked` when its safety clause is violated.\nEven though this worked with Rust versions up to 1.42 (at least),\nthat behavior could change with any new Rust version, possibly leading\na security issue.\n\nThe flaw was corrected in version 2.0.0.","aliases":["CVE-2020-35865","GHSA-q948-x8rf-888m"],"modified":"2023-11-08T04:03:36.337199Z","published":"2020-04-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/os_str_bytes"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0012.html"},{"type":"WEB","url":"https://github.com/dylni/os_str_bytes/pull/1"}],"affected":[{"package":{"name":"os_str_bytes","ecosystem":"crates.io","purl":"pkg:cargo/os_str_bytes"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"2.0.0"}]}],"ecosystem_specific":{"affects":{"os":["windows"],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"informational":null,"categories":[],"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0012.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}