Insecure Deserialization and Memory-Based Confusion Attacks in Boost Serialization #331
Description
An issue was discovered in Boost Serialization v1.89.0 and below. Insecure deserialization of untrusted input under certain conditions may lead to type confusion and ownership confusion, -- redacted --.
-- details redacted temporarily, discussion with maintainers ongoing --