OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-26 16:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for uninitialized exposure in outer_cgi

Browse Source
This commit is contained in:
Ammar Askar
2021-03-31 08:17:57 -07:00
parent 333e5cb0b1
commit 1f8dfd9503
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/outer_cgi/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "outer_cgi"
date = "2021-01-31"
url = "https://github.com/SolraBizna/outer_cgi/issues/1"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.2.1"]
```
# KeyValueReader passes uninitialized memory to Read instance
The `KeyValueReader` type in affected versions of this crate set up an
uninitialized memory buffer and passed them to be read in to a user-provided
`Read` instance.
The `Read` instance could read uninitialized memory and cause undefined
behavior and miscompilations.
This issue was fixed in commit [dd59b30](https://github.com/SolraBizna/outer_cgi/commit/dd59b3066e616a08e756f72de8dc3ab11b7036c4)
by zero-initializing the buffers before passing them.