{"id":"RUSTSEC-2021-0089","summary":"Optional `Deserialize` implementations lacking validation","details":"When activating the non-default feature `serialize`, most structs implement\n`serde::Deserialize` without sufficient validation. This allows breaking\ninvariants in safe code, leading to:\n\n* Undefined behavior in `as_string()` methods (which use\n  `std::str::from_utf8_unchecked()` internally).\n* Panics due to failed assertions.\n\nSee https://github.com/gz/rust-cpuid/issues/43.","aliases":["CVE-2021-45687","GHSA-jf5h-cf95-w759","GHSA-w428-f65r-h4q2"],"modified":"2023-11-08T04:07:21.872047Z","published":"2021-01-20T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/raw-cpuid"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0089.html"},{"type":"REPORT","url":"https://github.com/gz/rust-cpuid/issues/43"}],"affected":[{"package":{"name":"raw-cpuid","ecosystem":"crates.io","purl":"pkg:cargo/raw-cpuid"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.1.1-0"},{"fixed":"9.1.1"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":["memory-corruption","denial-of-service"],"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0089.json","informational":null}}],"schema_version":"1.7.3"}