{"ecosystem":"cargo","package":"zerocopy","version":null,"bugs":[{"id":4500,"ecosystem":"cargo","package_name":"zerocopy","affected_version":"0.7.0","fixed_version":"0.7.31","bug_id":"osv:RUSTSEC-2023-0074","title":"Some Ref methods are unsound with some type parameters","description":"The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound\nand may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B`\nis [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or\n[`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these\nmethods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`.\n\nSee https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.\n\nThe current plan is to yank the affected versions soon. See\nhttps://github.com/google/zerocopy/issues/679 for more detail.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/zerocopy","labels":["GHSA-3mv5-343c-w2qg","GHSA-rjhf-4mh8-9xjq"],"created_at":"2026-04-26 03:01:12.289059+00:00","updated_at":"2026-04-26 03:01:12.289059+00:00"},{"id":4499,"ecosystem":"cargo","package_name":"zerocopy","affected_version":"0.2.2","fixed_version":"0.2.9","bug_id":"osv:GHSA-rjhf-4mh8-9xjq","title":"Zerocopy: Some Ref methods are unsound with some type parameters","description":"The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B` is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or [`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`.\n\nSee https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.\n\nThe current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.\n","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/google/zerocopy/issues/679","labels":["GHSA-3mv5-343c-w2qg","RUSTSEC-2023-0074"],"created_at":"2026-04-26 03:01:12.286337+00:00","updated_at":"2026-04-26 03:01:12.286337+00:00"},{"id":4498,"ecosystem":"cargo","package_name":"zerocopy","affected_version":"0.2.2","fixed_version":"0.2.9","bug_id":"osv:GHSA-3mv5-343c-w2qg","title":"Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut","description":"*This advisory is also published as [RUSTSEC-2023-0074](https://rustsec.org/advisories/RUSTSEC-2023-0074.html).*\n\nThe `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B` is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or [`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`.\n\nSee https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.\n\nThe current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.\n","severity":"low","status":"fixed","source":"osv","source_url":"https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg","labels":["GHSA-rjhf-4mh8-9xjq","RUSTSEC-2023-0074"],"created_at":"2026-04-26 03:01:12.283585+00:00","updated_at":"2026-04-26 03:01:12.283585+00:00"}],"total":3,"_cache":"hit"}