RUSTSEC-2020-0009: 
Rust vulnerability analysis and mitigation

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust, identified as RUSTSEC-2020-0009 (CVE-2020-35864). The vulnerability involves the read_scalar and read_scalar_at functions, which can perform unsafe transmutations of values without proper safety blocks (RustSec Advisory).

The vulnerability centers around the read_scalar and read_scalar_at functions in the flatbuffers crate, which behave similarly to transmute operations. These functions can lead to undefined behavior for types where not all bit patterns are valid (such as bool or NonZero*) and potentially create dangling pointers. The severity is rated as HIGH with a CVSS v3.1 Base Score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability can cause undefined behavior in Rust applications using the flatbuffers crate, potentially leading to memory safety violations and application crashes. The issue affects versions from 0.4.0 up to and including 1.12.0 of the flatbuffers crate (NVD).

Several breaking solutions have been proposed: making read_scalar and read_scalar_at functions unsafe, making the EndianScalar trait unsafe, or restructuring the EndianScalar trait to implement safer alternatives using explicit byte manipulation methods (GitHub Issue).