OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

flumedb: Reading on uninitialized buffer may cause UB ( read_entry() ) (#661)

Browse Source 
* Report 0100-flumedb to RustSec

* informational = "unsound"
This commit is contained in:
Youngsuk Kim
2021-08-21 21:23:49 -04:00
committed by GitHub
parent 383c6359f5
commit c487b0ceea
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
crates/flumedb/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "flumedb"
date = "2021-01-07"
url = "https://github.com/sunrise-choir/flumedb-rs/issues/10"
categories = ["memory-exposure"]
informational = "unsound"
[versions]
patched = []
```
# `Read` on uninitialized buffer may cause UB ( `read_entry()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided `Read` implementation.
There are two of such cases (`go_offset_log::read_entry()` & `offset_log::read_entry()`).
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.