Report rkyv vulnerability (issue rkyv#113) (#877)

* Report rkyv vulnerability (issue rkyv#113)

* fix category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
David Koloski
2021-04-29 04:40:04 -04:00
committed by GitHub
parent 5b3dcb83b4
commit 7086fa22a3


@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "rkyv"
date = "2021-04-28"
url = "https://github.com/djkoloski/rkyv/issues/113"
categories = ["memory-exposure"]
keywords = ["uninitialized", "memory", "information", "leak"]
[versions]
patched = [">= 0.6.0"]
[affected]
functions = { "rkyv::Archive::resolve" = ["< 0.6.0"] }
```
# Archives may contain uninitialized memory
`rkyv` is a serialization framework that writes struct-compatible memory to be stored or
transmitted. During serialization, struct padding bytes and unused enum bytes may not be
initialized. These bytes may be written to disk or sent over unsecured channels.
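Review bot: the description in the new advisory file stops short of stating the impact and the remediation, which readers of the advisory will look for first. After "These bytes may be written to disk or sent over unsecured channels." consider adding a sentence making explicit that uninitialized padding can carry leftover contents of process memory (the reason `categories = ["memory-exposure"]` is the right category here), and a closing line such as "Upgrade to rkyv 0.6.0 or later, which zeroes padding and unused enum bytes before writing." so the prose matches `patched = [">= 0.6.0"]` in the `[versions]` table. It would also help to say which side is exposed: the leak affects whoever serializes with an affected version, not consumers of the archive, since the bytes are emitted at serialization time.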