bra: Read on uninitialized buffer

JOE1994
2021-01-18 22:33:36 -05:00
parent 3fbe06486f
commit d3a67d2b52


@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "bra"
date = "2021-01-02"
url = "https://github.com/Enet4/bra-rs/issues/1"
categories = ["memory-exposure"]
[versions]
patched = [">= 0.1.1"]
```
# reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)
Affected versions of this crate creates an uninitialized buffer and passes it to user-provided `Read` implementation.
This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).
The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer
before handing it to a user-provided `Read` implementation.
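Review bot: the description at the end of the hunk has a subject-verb agreement slip: `Affected versions of this crate creates an uninitialized buffer` should read `create`, and `exhibit an undefined behavior` should read `exhibit undefined behavior`. Because the advisory itself describes a soundness bug (safe code reading uninitialized memory through a user-provided `Read` impl) rather than a directly exploitable vulnerability, consider also adding `informational = "unsound"` to the `[advisory]` table, which is how RustSec marks unsoundness advisories; the `RUSTSEC-0000-0000` placeholder id is fine as submitted since the real id is assigned on merge.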