diff --git a/crates/buffoon/RUSTSEC-0000-0000.md b/crates/buffoon/RUSTSEC-0000-0000.md new file mode 100644 index 0000000..4a2ac05 --- /dev/null +++ b/crates/buffoon/RUSTSEC-0000-0000.md @@ -0,0 +1,19 @@ +```toml +[advisory] +id = "RUSTSEC-0000-0000" +package = "buffoon" +date = "2020-12-31" +url = "https://github.com/carllerche/buffoon/issues/2" +categories = ["memory-exposure"] +informational = "unsound" + +[versions] +patched = [] +``` + +# InputStream::read_exact : `Read` on uninitialized buffer causes UB + +Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation. + +Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. +Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.