OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 23:36:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Assigned RUSTSEC-2021-0016 to ms3d

Browse Source
This commit is contained in:
Shnatsel
2021-01-31 00:46:34 +00:00
committed by GitHub
parent 1640747e83
commit cdf5a460d8
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.duplicate-id-guard
View File

@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
03b2146bc527a64a357406ac5dec149a114e38ed1ff589fee2404636b97bc213 -
4dc39db1aa41093a6d8d7f4e31fab287416f039f5c067b9fd6caa91c3144a281 -

4
crates/ms3d/RUSTSEC-0000-0000.md → crates/ms3d/RUSTSEC-2021-0016.md
View File

@@ -1,6 +1,6 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2021-0016"
package = "ms3d"
date = "2021-01-26"
url = "https://github.com/andrewhickman/ms3d/issues/1"
@@ -17,4 +17,4 @@ Affected versions of this crate passes an uninitialized buffer to a user-provide
Arbitrary `Read` implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer.
Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
The flaw was fixed in commit 599313b by zero-initializing the buffer (via `self.buf.resize(len, 0)`) before passing it to `Read`.
The flaw was fixed in commit 599313b by zero-initializing the buffer (via `self.buf.resize(len, 0)`) before passing it to `Read`.