
Cloud Vulnerability DB
A community-led vulnerabilities database
The zerocopy crate contains a soundness vulnerability (GHSA-rjhf-4mh8-9xjq) in which several methods of Ref (into_ref, into_mut, into_slice, and into_slice_mut) are unsound for certain choices of the B type parameter. The vulnerability affects multiple version ranges of the crate (>= 0.2.2, < 0.2.9; >= 0.3.0, < 0.3.2; >= 0.4.0, < 0.4.1; >= 0.5.0, < 0.5.2; >= 0.6.0, < 0.6.6; >= 0.7.0, < 0.7.31) and was discovered and disclosed in December 2023 (GitHub Advisory, RustSec Advisory).
The vulnerability occurs when these Ref methods are used with the B type parameter set to cell::Ref<[u8]> or cell::RefMut<[u8]>. The root cause is an insufficient lifetime guarantee: the bound B: 'a only requires that the underlying RefCell live for at least 'a, while the CoreRef guard itself may be dropped sooner and still satisfy CoreRef<[u8]>: 'a, so a reference derived from the guard can outlive the borrow it came from. This leads to undefined behavior in safe code, as demonstrated by Miri analysis (GitHub Issue).
The impact is undefined behavior reachable from entirely safe code, specifically when Ref is used with B = CoreRef<[u8]> or B = CoreRefMut<[u8]> together with the affected methods. The real-world impact is expected to be limited, since these particular combinations are reportedly rare in practice (GitHub Issue).
The issue has been fixed in releases 0.2.9, 0.3.2, 0.4.1, 0.5.2, 0.6.6, and 0.7.31. The fix adds a post-monomorphization check, so code that would exercise this undefined behavior now fails to compile instead of building silently. Users should upgrade to the patched release of their version train (GitHub Advisory).
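One way to check a project's Cargo.lock against the affected ranges and fixed releases listed above, as an added example that is not code from the zerocopy project or from this database (the Cargo.lock parsing is simplified to the `[[package]]`, `name` and `version` lines, and the sample lockfile is constructed):

```rust
// Added example: report zerocopy entries in a Cargo.lock that fall inside the
// affected ranges of GHSA-rjhf-4mh8-9xjq, together with the fixed release.

type Ver = (u64, u64, u64);

/// Affected ranges as (lower inclusive, upper exclusive, fixed release),
/// taken from the advisory text above.
const RANGES: &[(Ver, Ver, Ver)] = &[
    ((0, 2, 2), (0, 2, 9), (0, 2, 9)),
    ((0, 3, 0), (0, 3, 2), (0, 3, 2)),
    ((0, 4, 0), (0, 4, 1), (0, 4, 1)),
    ((0, 5, 0), (0, 5, 2), (0, 5, 2)),
    ((0, 6, 0), (0, 6, 6), (0, 6, 6)),
    ((0, 7, 0), (0, 7, 31), (0, 7, 31)),
];

/// Parse "x.y.z" (any pre-release or build suffix is ignored) into a tuple.
pub fn parse_version(s: &str) -> Option<Ver> {
    let core = s.split(|c| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// The release to upgrade to if `v` is affected, or None if it is not.
pub fn fixed_version_for(v: Ver) -> Option<Ver> {
    RANGES.iter().find(|(lo, hi, _)| v >= *lo && v < *hi).map(|r| r.2)
}

/// Every zerocopy entry in the lockfile text as (version, fixed release) pairs.
pub fn affected_zerocopy(lock: &str) -> Vec<(String, Option<Ver>)> {
    let mut out = Vec::new();
    let mut in_zerocopy = false;
    for line in lock.lines() {
        let line = line.trim();
        if line == "[[package]]" {
            in_zerocopy = false; // a new package block starts; wait for its name
        } else if let Some(n) = line.strip_prefix("name = ") {
            in_zerocopy = n.trim_matches('"') == "zerocopy"; // exact crate name only
        } else if in_zerocopy {
            if let Some(v) = line.strip_prefix("version = ") {
                let v = v.trim_matches('"');
                out.push((v.to_string(), parse_version(v).and_then(fixed_version_for)));
            }
        }
    }
    out
}

fn main() {
    // Constructed sample lockfile: one affected and one patched zerocopy entry.
    let lock = "[[package]]\nname = \"zerocopy\"\nversion = \"0.7.26\"\n\n[[package]]\nname = \"zerocopy\"\nversion = \"0.7.32\"\n";
    for (v, fix) in affected_zerocopy(lock) {
        match fix {
            Some((a, b, c)) => println!("zerocopy {v}: AFFECTED, upgrade to {a}.{b}.{c}"),
            None => println!("zerocopy {v}: not affected"),
        }
    }
}
```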
The discovery prompted discussion of the project's yanking policy, with some users raising concerns about the effect of yanking on downstream consumers. The maintainers adopted a policy of yanking the affected versions only after publishing a fix for each affected minor version (GitHub Issue).
Source: This report was generated using AI