OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-10 13:41:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

acc_reader: API Soundness issue in fill_buf() and read_up_to() (#664)

Browse Source 
* Report 0079-acc_reader to RustSec

* informational = "unsound"
This commit is contained in:
Youngsuk Kim
2021-08-21 21:30:45 -04:00
committed by GitHub
parent 03144b1978
commit 25838dcf1d
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/acc_reader/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "acc_reader"
date = "2020-12-27"
url = "https://github.com/netvl/acc_reader/issues/1"
categories = ["memory-exposure"]
informational = "unsound"
[versions]
patched = []
```
# `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation.
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.