{"id":"RUSTSEC-2023-0017","summary":"`maligned::align_first` causes incorrect deallocation","details":"`maligned::align_first` manually allocates with an alignment larger than T, and then uses `Vec::from_raw_parts` on that allocation to get a `Vec\u003cT\u003e`.\n\n[`GlobalAlloc::dealloc`](https://doc.rust-lang.org/std/alloc/trait.GlobalAlloc.html#tymethod.dealloc) requires that the `layout` argument must be the same layout that was used to allocate that block of memory.\n\nWhen deallocating, `Box` and `Vec` may not respect the specified alignment and can cause undefined behavior.","aliases":["GHSA-wm8x-php5-hvq6"],"modified":"2023-11-08T04:23:53.984745Z","published":"2023-03-04T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/maligned"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0017.html"},{"type":"REPORT","url":"https://github.com/tylerhawkes/maligned/issues/5"}],"affected":[{"package":{"name":"maligned","ecosystem":"crates.io","purl":"pkg:cargo/maligned"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"functions":["maligned::align_first","maligned::align_first_boxed","maligned::align_first_boxed_cloned","maligned::align_first_boxed_default"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0017.json","informational":"unsound","cvss":null}}],"schema_version":"1.7.3"}