RUSTSEC-2021-0103: 
Rust vulnerability analysis and mitigation

The vulnerability RUSTSEC-2021-0103 (CVE-2021-45697) was discovered in the molecule crate for Rust versions before 0.7.2. The issue was disclosed on December 26, 2021, and affects the FixVec functionality within the molecule crate. The vulnerability involves an incorrect implementation of the total_size function for partial reading of FixVec lengths (NVD, GitHub Advisory).

The vulnerability stems from an incorrect implementation of the total_size function used for partial reading of FixVec lengths. The issue has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a severe security risk with potential for remote exploitation (NVD).

When using the total_size function to partially read the length of any FixVec, users will receive incorrect results due to the implementation flaw. This could potentially lead to memory-related issues and incorrect data processing in applications utilizing the affected versions of the molecule crate (GitHub Advisory).

The vulnerability has been patched in version 0.7.2 of the molecule crate. For users unable to update immediately, a workaround exists: if you have access to the whole FixVec A, you can use A.asslice().len() to obtain the total size of the FixVec instead of using the vulnerable totalsize function (GitHub Advisory).