OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-09 13:09:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #586 from JOE1994/bra

Browse Source 
bra: Read on uninitialized buffer
This commit is contained in:
Sergey "Shnatsel" Davidoff
2021-01-20 20:10:16 +01:00
committed by GitHub
parent 3216d79080 d3a67d2b52
commit 1e6a416585
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
crates/bra/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "bra"
date = "2021-01-02"
url = "https://github.com/Enet4/bra-rs/issues/1"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.1.1"]
```
# reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)
Affected versions of this crate creates an uninitialized buffer and passes it to user-provided `Read` implementation.
This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).
The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer
before handing it to a user-provided `Read` implementation.