{"id":"RUSTSEC-2023-0074","summary":"Some Ref methods are unsound with some type parameters","details":"The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound\nand may allow safe code to exhibit undefined behavior when used with `Ref\u003cB, T\u003e` where `B`\nis [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or\n[`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these\nmethods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`.\n\nSee https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.\n\nThe current plan is to yank the affected versions soon. See\nhttps://github.com/google/zerocopy/issues/679 for more detail.","aliases":["GHSA-3mv5-343c-w2qg","GHSA-rjhf-4mh8-9xjq"],"modified":"2024-02-10T16:26:48.086990Z","published":"2023-12-14T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/zerocopy"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0074.html"},{"type":"REPORT","url":"https://github.com/google/zerocopy/issues/716"}],"affected":[{"package":{"name":"zerocopy","ecosystem":"crates.io","purl":"pkg:cargo/zerocopy"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.2.2"},{"fixed":"0.2.9"},{"introduced":"0.3.0"},{"fixed":"0.3.2"},{"introduced":"0.4.0"},{"fixed":"0.4.1"},{"introduced":"0.5.0"},{"fixed":"0.5.2"},{"introduced":"0.6.0"},{"fixed":"0.6.6"},{"introduced":"0.7.0"},{"fixed":"0.7.31"}]}],"ecosystem_specific":{"affects":{"functions":["zerocopy::Ref::into_mut","zerocopy::Ref::into_mut_slice","zerocopy::Ref::into_ref","zerocopy::Ref::into_slice"],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0074.json","informational":null}}],"schema_version":"1.7.3"}