From d3a67d2b52e94eb984af7520dabf0fc3c3292ce3 Mon Sep 17 00:00:00 2001
From: JOE1994 <joseph942010@gmail.com>
Date: Mon, 18 Jan 2021 22:33:36 -0500
Subject: [PATCH] bra: Read on uninitialized buffer

---
 crates/bra/RUSTSEC-0000-0000.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 crates/bra/RUSTSEC-0000-0000.md

diff --git a/crates/bra/RUSTSEC-0000-0000.md b/crates/bra/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..230ee5b
--- /dev/null
+++ b/crates/bra/RUSTSEC-0000-0000.md
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "bra"
+date = "2021-01-02"
+url = "https://github.com/Enet4/bra-rs/issues/1"
+categories = ["memory-exposure"]
+
+[versions]
+patched = [">= 0.1.1"]
+```
+
+# reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)
+
+Affected versions of this crate creates an uninitialized buffer and passes it to user-provided `Read` implementation.
+
+This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).
+
+The flaw was corrected in version 0.1.1 by zero-initializing a newly allocated buffer
+before handing it to a user-provided `Read` implementation.