OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 09:36:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #864 from ammaraskar/outer_cgi

Browse Source 
[patched] Add advisory for uninitialized exposure in outer_cgi
This commit is contained in:
Sergey "Shnatsel" Davidoff
2021-04-02 10:18:42 +02:00
committed by GitHub
parent 333e5cb0b1 1f8dfd9503
commit a2e3067e4c
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/outer_cgi/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "outer_cgi"
date = "2021-01-31"
url = "https://github.com/SolraBizna/outer_cgi/issues/1"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.2.1"]
```
# KeyValueReader passes uninitialized memory to Read instance
The `KeyValueReader` type in affected versions of this crate set up an
uninitialized memory buffer and passed them to be read in to a user-provided
`Read` instance.
The `Read` instance could read uninitialized memory and cause undefined
behavior and miscompilations.
This issue was fixed in commit [dd59b30](https://github.com/SolraBizna/outer_cgi/commit/dd59b3066e616a08e756f72de8dc3ab11b7036c4)
by zero-initializing the buffers before passing them.