CWE-188
AllowedReliance on Data/Memory Layout
Abstraction: Base · Status: Draft
The product makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.
5 vulnerabilities reference this CWE, most recent first.
CVE-2026-21493 (GCVE-0-2026-21493)
Vulnerability from cvelistv5 – Published: 2026-01-06 14:11 – Updated: 2026-01-06 14:33| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:32:26.415966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:33:17.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-188",
"description": "CWE-188: Reliance on Data/Memory Layout",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:11:27.054Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/358",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/358"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f"
}
],
"source": {
"advisory": "GHSA-p85g-f9q7-jmjx",
"discovery": "UNKNOWN"
},
"title": "iccDEV has Type Confusion during XML Curve Serialization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21493",
"datePublished": "2026-01-06T14:11:27.054Z",
"dateReserved": "2025-12-29T14:34:16.006Z",
"dateUpdated": "2026-01-06T14:33:17.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-458V-4HRF-G3M4
Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2024-02-12 15:55The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "socket2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "net2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.36"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35920"
],
"database_specific": {
"cwe_ids": [
"CWE-188"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:53:58Z",
"nvd_published_at": "2020-12-31T09:15:16Z",
"severity": "MODERATE"
},
"details": "The socket2 crate has assumed `std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C representation `sockaddr`. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.\n",
"id": "GHSA-458v-4hrf-g3m4",
"modified": "2024-02-12T15:55:27Z",
"published": "2021-08-25T20:50:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35920"
},
{
"type": "WEB",
"url": "https://github.com/deprecrated/net2-rs/issues/105"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/socket2-rs/issues/119"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-lang/socket2-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0078.html"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0079.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "socket2 invalidly assumes the memory layout of std::net::SocketAddr"
}
GHSA-JRCF-4JP8-M28V
Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 18:42The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "miow"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.0"
},
{
"fixed": "0.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35921"
],
"database_specific": {
"cwe_ids": [
"CWE-188"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:54:07Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.",
"id": "GHSA-jrcf-4jp8-m28v",
"modified": "2023-06-13T18:42:34Z",
"published": "2021-08-25T20:50:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35921"
},
{
"type": "WEB",
"url": "https://github.com/yoshuawuyts/miow/issues/38"
},
{
"type": "WEB",
"url": "https://github.com/yoshuawuyts/miow/pull/39"
},
{
"type": "WEB",
"url": "https://github.com/yoshuawuyts/miow/pull/40"
},
{
"type": "PACKAGE",
"url": "https://github.com/yoshuawuyts/miow"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0080.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "miow invalidly assumes the memory layout of std::net::SocketAddr"
}
GHSA-PF3P-X6QJ-6J7Q
Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 18:42The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "mio"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.7.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35922"
],
"database_specific": {
"cwe_ids": [
"CWE-188"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T18:54:14Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the memory layout, and this will cause invalid memory access if the standard library changes the implementation. No warnings or errors will be emitted once the change happens.",
"id": "GHSA-pf3p-x6qj-6j7q",
"modified": "2023-06-13T18:42:58Z",
"published": "2021-08-25T20:50:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35922"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/mio/issues/1386"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/mio/pull/1388"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/mio/commit/152e0751f0be1c9b0cbd6778645b76bcb0eba93c"
},
{
"type": "PACKAGE",
"url": "https://github.com/tokio-rs/mio"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0081.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "mio invalidly assumes the memory layout of std::net::SocketAddr"
}
GHSA-Q8X8-JRHJ-FH9P
Vulnerability from github – Published: 2026-05-19 19:39 – Updated: 2026-05-19 19:39Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface.
To store an instance of the custom aggregate processor Diesel relied on the sqlite3_aggregate_context function provided by sqlite. This function doesn't provide any guarantees about alignment of the returned allocation, which in turn can lead to problems if the type implementing requires a special alignment, e.g. via a custom #[align(x)] attribute on the type implementing this trait. This affects any user of SqliteAggregate that registers the custom aggregate function with an SQLite connection, while using a non-standard alignment on the type implementing this trait.
Mitigation
The preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.
Resolution
Diesel now allocates the corresponding memory on Rust side to get a correctly aligned allocation.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "diesel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-188"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-19T19:39:37Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Diesel allows to register custom aggregate SQL functions for SQLite via the `SqliteAggregate` interface.\n\nTo store an instance of the custom aggregate processor Diesel relied on the `sqlite3_aggregate_context` function provided by sqlite. This function doesn\u0027t provide any guarantees about alignment of the returned allocation, which in turn can lead to problems if the type implementing requires a special alignment, e.g. via a custom `#[align(x)]` attribute on the type implementing this trait. This affects any user of `SqliteAggregate` that registers the custom aggregate function with an SQLite connection, while using a non-standard alignment on the type implementing this trait.\n\n## Mitigation\n\nThe preferred mitigation to the outlined problem is to update to a Diesel version 2.3.8 or newer, which includes fixes for the problem.\n\n## Resolution\n\nDiesel now allocates the corresponding memory on Rust side to get a correctly aligned allocation.",
"id": "GHSA-q8x8-jrhj-fh9p",
"modified": "2026-05-19T19:39:38Z",
"published": "2026-05-19T19:39:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/diesel-rs/diesel/pull/5042"
},
{
"type": "PACKAGE",
"url": "https://github.com/diesel-rs/diesel"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0137.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Diesel: Possible unaligned data access for implementations of `SqliteAggregate`"
}
Mitigation
In flat address space situations, never allow computing memory addresses as offsets from another memory address.
Mitigation
Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
Mitigation
Testing: Test that the implementation properly handles each case in the protocol grammar.
No CAPEC attack patterns related to this CWE.