OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

csv-sniffer: reading on uninitialized memory may cause undefined behavior (#666)

Browse Source 
* Report 0092-csv-sniffer to RustSec

* informational = "unsound"
This commit is contained in:
Youngsuk Kim
2021-08-21 21:33:07 -04:00
committed by GitHub
parent ec590b08b7
commit 2e4cdf36d0
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/csv-sniffer/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "csv-sniffer"
date = "2021-01-05"
url = "https://github.com/jblondin/csv-sniffer/issues/1"
categories = ["memory-exposure"]
informational = "unsound"
[versions]
patched = []
```
# `Read` on uninitialized memory may cause UB (fn preamble_skipcount())
Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation (within `fn preamble_skipcount()`).
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.