{"id":"RUSTSEC-2024-0347","summary":"Incorrect usage of `#[repr(packed)]`","details":"The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. \n\nThe Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts \nreordering fields of `#[repr(packed)]` structs, leading to illegal memory accesses.\n\nThe patched versions `0.9.7` and `0.10.4` use `#[repr(C, packed)]`, which guarantees field order.","aliases":["GHSA-xrv3-jmcp-374j"],"modified":"2025-10-28T06:29:27.173105Z","published":"2024-07-01T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/zerovec"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0347.html"}],"affected":[{"package":{"name":"zerovec","ecosystem":"crates.io","purl":"pkg:cargo/zerovec"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.9.7"},{"introduced":"0.10.0"},{"fixed":"0.10.4"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"functions":[],"os":[]}},"database_specific":{"categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0347.json","cvss":null,"informational":null}}],"schema_version":"1.7.3"}