{"id":"RUSTSEC-2024-0424","summary":"Unsound usages of `core::slice::from_raw_parts_mut`","details":"The library breaks the safety assumptions when using unsafe API `slice::from_raw_parts_mut`. The pointer passed to `from_raw_parts_mut` is misaligned by casting `u8` to `u16` raw pointer directly, which is unsound. The bug is patched by using `align_offset`, which could make sure the memory address is aligned to 2 bytes for `u16`.  \n\nThis was patched in 0.11.2 in the [commit](https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d).","aliases":["GHSA-f7qj-v3vp-4856"],"modified":"2025-10-28T06:29:24.276187Z","published":"2024-12-19T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libafl"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0424.html"},{"type":"REPORT","url":"https://github.com/AFLplusplus/LibAFL/issues/1526"},{"type":"WEB","url":"https://github.com/AFLplusplus/LibAFL/pull/1530"}],"affected":[{"package":{"name":"libafl","ecosystem":"crates.io","purl":"pkg:cargo/libafl"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.11.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":["libafl::observers::map::HitcountsMapObserver::post_exec"],"arch":[]}},"database_specific":{"informational":"unsound","categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0424.json","cvss":null}}],"schema_version":"1.7.3"}