{"id":"RUSTSEC-2023-0032","summary":"Unsound FFI: Wrong API usage causes write past allocated area","details":"The following usage causes undefined behavior.\n```rust\nlet kp: ntru::types::KeyPair = …;\nkp.get_public().export(Default::default())\n```\n\nWhen compiled with debug assertions, the code above will trigger a `attempt to subtract with overflow` panic before UB occurs.\nOther mistakes (e.g. using `EncParams` from a different key) may always trigger UB.\n\nLikely, older versions of this crate are also affected, but have not been tested.","aliases":["GHSA-fq33-vmhv-48xh"],"modified":"2023-11-08T04:19:06.327800Z","published":"2023-03-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/ntru"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0032.html"},{"type":"REPORT","url":"https://github.com/FrinkGlobal/ntru-rs/issues/8"}],"affected":[{"package":{"name":"ntru","ecosystem":"crates.io","purl":"pkg:cargo/ntru"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":["ntru::types::PrivateKey::export","ntru::types::PublicKey::export"],"arch":[]}},"database_specific":{"cvss":null,"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0032.json","categories":["memory-corruption"]}}],"schema_version":"1.7.3"}