OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 09:36:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

actually memoffset also had an uninit-drop vuln, and that affects all versions ever published

Browse Source
This commit is contained in:
Ralf Jung
2019-07-20 12:56:59 +02:00
parent ce7e93d4a9
commit 7e3423c7ec
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/memoffset/RUSTSEC-2019-0011.toml
View File

@@ -2,13 +2,13 @@
id = "RUSTSEC-2019-0011"
package = "memoffset"
date = "2019-07-16"
title = "Flaw in offset_of and span_of causes SIGILL, potential memory unsafety"
title = "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code"
description = """
Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references.
They also could leat to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic.
The flaw was corrected by using `MaybeUninit`.
"""
patched_versions = [">= 0.5.0"]
unaffected_versions = ["< 0.3.0"]
url = "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"